charon-xpc: Set AUTH_RULE_IDENTITY_LOOSE on responder config

This allows the server to use a different IKE identity as long as the configured hostname is contained in the certificate.
author: Martin Willi <martin@revosec.ch> 2013-11-01 12:05:48 +0100
committer: Martin Willi <martin@revosec.ch> 2013-11-01 12:05:48 +0100
commit: 10900ed7e7a217c9c56da325083be5879ecf41d1 (patch)
tree: b004b0adab51cea37d9d8edf68f03841f122b9e5 /src/frontends/osx
parent: b76e96e2ef4d56c863b36c8d3c39e3c2efcf4a7c (diff)
download: strongswan-10900ed7e7a217c9c56da325083be5879ecf41d1.tar.bz2
strongswan-10900ed7e7a217c9c56da325083be5879ecf41d1.tar.xz
1 files changed, 4 insertions, 0 deletions
diff --git a/src/frontends/osx/charon-xpc/xpc_dispatch.c b/src/frontends/osx/charon-xpc/xpc_dispatch.c
index dd7ce1531..564fd6e7d 100644
--- a/src/frontends/osx/charon-xpc/xpc_dispatch.c
+++ b/src/frontends/osx/charon-xpc/xpc_dispatch.c
@@ -110,6 +110,10 @@ static void add_auth_cfg(peer_cfg_t *peer_cfg, bool local,
 	auth = auth_cfg_create();
 	auth->add(auth, AUTH_RULE_AUTH_CLASS, class);
 	auth->add(auth, AUTH_RULE_IDENTITY, identification_create_from_string(id));
+	if (!local)
+	{
+		auth->add(auth, AUTH_RULE_IDENTITY_LOOSE, TRUE);
+	}
 	peer_cfg->add_auth_cfg(peer_cfg, auth, local);
 }
author	Martin Willi <martin@revosec.ch>	2013-11-01 12:05:48 +0100
committer	Martin Willi <martin@revosec.ch>	2013-11-01 12:05:48 +0100
commit	10900ed7e7a217c9c56da325083be5879ecf41d1 (patch)
tree	b004b0adab51cea37d9d8edf68f03841f122b9e5 /src/frontends/osx
parent	b76e96e2ef4d56c863b36c8d3c39e3c2efcf4a7c (diff)
download	strongswan-10900ed7e7a217c9c56da325083be5879ecf41d1.tar.bz2 strongswan-10900ed7e7a217c9c56da325083be5879ecf41d1.tar.xz