android: Use configured remote ID in auth-cfg

If one is explicitly set we don't use loose identity matching and send it as
IDr to the server.

Closes #strongswan/strongswan#29.
Fixes #1268.
Tobias Brunner 2016-04-29 12:48:40 +02:00
parent 9c55644158
commit 8b3bf4a4f8
1 changed files with 15 additions and 4 deletions


@ -682,7 +682,7 @@ static bool add_auth_cfg_cert(private_android_service_t *this,
static job_requeue_t initiate(private_android_service_t *this)
{
identification_t *gateway;
identification_t *gateway = NULL;
ike_cfg_t *ike_cfg;
peer_cfg_t *peer_cfg;
child_cfg_t *child_cfg;
@ -708,7 +708,7 @@ static job_requeue_t initiate(private_android_service_t *this)
.dpd_action = ACTION_RESTART,
.close_action = ACTION_RESTART,
};
char *type, *server;
char *type, *server, *remote_id;
int port;
server = this->settings->get_str(this->settings, "connection.server", NULL);
@ -747,9 +747,20 @@ static job_requeue_t initiate(private_android_service_t *this)
/* remote auth config */
auth = auth_cfg_create();
gateway = identification_create_from_string(server);
remote_id = this->settings->get_str(this->settings, "connection.remote_id",
NULL);
if (remote_id)
{
gateway = identification_create_from_string(remote_id);
}
if (!gateway || gateway->get_type(gateway) == ID_ANY)
{
DESTROY_IF(gateway);
gateway = identification_create_from_string(server);
/* only use this if remote ID was not configured explicitly */
auth->add(auth, AUTH_RULE_IDENTITY_LOOSE, TRUE);
}
auth->add(auth, AUTH_RULE_IDENTITY, gateway);
auth->add(auth, AUTH_RULE_IDENTITY_LOOSE, TRUE);
auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
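Review bot: The fallback branch `if (!gateway || gateway->get_type(gateway) == ID_ANY)` is also taken when `connection.remote_id` is set but parses to ID_ANY, so a profile with an explicit remote ID can silently get the server-derived identity plus `AUTH_RULE_IDENTITY_LOOSE`. That contradicts the branch's own comment, "only use this if remote ID was not configured explicitly", and relaxes the gateway identity check without the user being told. Either reword the comment to `/* no usable remote ID configured: fall back to the server name and match loosely */`, or make the downgrade visible with `if (remote_id) DBG1(DBG_CFG, "remote ID '%s' is not usable, matching server identity loosely", remote_id);` at the top of the branch. Whether an empty setting string reaches this branch as ID_ANY depends on `identification_create_from_string()`, which is not visible here; `initiate()` begins and ends outside the shown hunks.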