From a330f72ecfd4b798efa0d4db63a7f4917e29e8be Mon Sep 17 00:00:00 2001
From: Andreas Steffen
Date: Sat, 15 Aug 2015 22:46:21 +0200
Subject: [PATCH] Fixed AR identities in mutual TNC measurements case
---
 src/libcharon/plugins/eap_tnc/eap_tnc.c | 4 ++++
 src/libpttls/pt_tls_client.c | 1 +
 src/libtnccs/plugins/tnc_tnccs/tnc_tnccs_manager.c | 8 ++++++--
 3 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/src/libcharon/plugins/eap_tnc/eap_tnc.c b/src/libcharon/plugins/eap_tnc/eap_tnc.c
index f70f47ef6..350001bb4 100644
--- a/src/libcharon/plugins/eap_tnc/eap_tnc.c
+++ b/src/libcharon/plugins/eap_tnc/eap_tnc.c
@@ -335,6 +335,10 @@ static eap_tnc_t *eap_tnc_create(identification_t *server,
 free(this);
 return NULL;
 }
+ if (!is_server)
+ {
+ tnccs->set_auth_type(tnccs, TNC_AUTH_X509_CERT);
+ }
 this->tnccs = tnccs->get_ref(tnccs);
 this->tls_eap = tls_eap_create(type, &tnccs->tls, EAP_TNC_MAX_MESSAGE_LEN,
diff --git a/src/libpttls/pt_tls_client.c b/src/libpttls/pt_tls_client.c
index 315129d7e..bd5b96f70 100644
--- a/src/libpttls/pt_tls_client.c
+++ b/src/libpttls/pt_tls_client.c
@@ -450,6 +450,7 @@ METHOD(pt_tls_client_t, run_assessment, status_t,
 {
 return FAILED;
 }
+ tnccs->set_auth_type(tnccs, TNC_AUTH_X509_CERT);
 DBG1(DBG_TNC, "entering PT-TLS data transport phase");
 if (!assess(this, (tls_t*)tnccs))
diff --git a/src/libtnccs/plugins/tnc_tnccs/tnc_tnccs_manager.c b/src/libtnccs/plugins/tnc_tnccs/tnc_tnccs_manager.c
index 30e505246..67c33ee63 100644
--- a/src/libtnccs/plugins/tnc_tnccs/tnc_tnccs_manager.c
+++ b/src/libtnccs/plugins/tnc_tnccs/tnc_tnccs_manager.c
@@ -729,7 +729,9 @@ METHOD(tnccs_manager_t, get_attribute, TNC_Result,
 list = linked_list_create();
 tnccs = entry->tnccs;
- peer_id = tnccs->tls.get_peer_id(&tnccs->tls);
+ peer_id = tnccs->tls.is_server(&tnccs->tls) ?
+ tnccs->tls.get_peer_id(&tnccs->tls) :
+ tnccs->tls.get_server_id(&tnccs->tls);
 if (peer_id)
 {
 switch (peer_id->get_type(peer_id))
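Review bot: The client-side `tnccs->set_auth_type(tnccs, TNC_AUTH_X509_CERT);` in `eap_tnc_create` hard-codes how the server was authenticated instead of taking it from the outer authentication that actually ran, and the same unconditional call is added in `run_assessment` in pt_tls_client.c. If this value is later reported to local IMVs together with the AR identity, as the `get_attribute` changes in this commit suggest, a policy that trusts certificate-authenticated identities would be relying on a label that nothing visible here verifies. At minimum I would state the assumption next to both calls, e.g. `/* the server is always authenticated by an X.509 certificate in the outer TLS tunnel */`, and for EAP-TNC confirm that every outer method able to carry it really performs certificate-based server authentication. `eap_tnc_create` starts and ends outside the hunk, so where the server role sets its auth type cannot be seen from here.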
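Review bot: In `get_attribute`, `peer_id` now holds the server's identity whenever this end is the TLS client, and the second hunk of this file does the same with `peer_ip`, so the local names no longer describe the values and the role test `tnccs->tls.is_server(&tnccs->tls)` is written out twice. I would evaluate it once, `bool is_server = tnccs->tls.is_server(&tnccs->tls);`, rename the locals to something role-neutral such as `ar_id`/`ar_ip`, and add a comment along the lines of `/* report the remote end: the peer when we are server, the server when we are client */` if that is the intent. It is also worth confirming that `get_server_id` returns the identity that was verified during the handshake rather than the locally configured expectation, since it is handed on as an authenticated identity. The function body extends beyond both hunks.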
@@ -771,7 +773,9 @@ METHOD(tnccs_manager_t, get_attribute, TNC_Result,
 }
 }
- peer_ip = tnccs->get_peer_ip(tnccs);
+ peer_ip = tnccs->tls.is_server(&tnccs->tls) ?
+ tnccs->get_peer_ip(tnccs) :
+ tnccs->get_server_ip(tnccs);
 if (peer_ip)
 {
 switch (peer_ip->get_family(peer_ip))