diff options
author | Martin Willi <martin@revosec.ch> | 2013-11-01 12:05:48 +0100 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2013-11-01 12:05:48 +0100 |
commit | 10900ed7e7a217c9c56da325083be5879ecf41d1 (patch) | |
tree | b004b0adab51cea37d9d8edf68f03841f122b9e5 /src/frontends/osx | |
parent | b76e96e2ef4d56c863b36c8d3c39e3c2efcf4a7c (diff) | |
download | strongswan-10900ed7e7a217c9c56da325083be5879ecf41d1.tar.bz2 strongswan-10900ed7e7a217c9c56da325083be5879ecf41d1.tar.xz |
charon-xpc: Set AUTH_RULE_IDENTITY_LOOSE on responder config
This allows the server to use a different IKE identity as long as the
configured hostname is contained in the certificate.
Diffstat (limited to 'src/frontends/osx')
-rw-r--r-- | src/frontends/osx/charon-xpc/xpc_dispatch.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/frontends/osx/charon-xpc/xpc_dispatch.c b/src/frontends/osx/charon-xpc/xpc_dispatch.c index dd7ce1531..564fd6e7d 100644 --- a/src/frontends/osx/charon-xpc/xpc_dispatch.c +++ b/src/frontends/osx/charon-xpc/xpc_dispatch.c @@ -110,6 +110,10 @@ static void add_auth_cfg(peer_cfg_t *peer_cfg, bool local, auth = auth_cfg_create(); auth->add(auth, AUTH_RULE_AUTH_CLASS, class); auth->add(auth, AUTH_RULE_IDENTITY, identification_create_from_string(id)); + if (!local) + { + auth->add(auth, AUTH_RULE_IDENTITY_LOOSE, TRUE); + } peer_cfg->add_auth_cfg(peer_cfg, auth, local); } |