Pass NULL peer identity to omit TLS peer authentication, added eap-ttls.request_peer_auth option

author: Martin Willi <martin@revosec.ch> 2010-08-24 11:34:43 +0200
committer: Martin Willi <martin@revosec.ch> 2010-08-24 11:34:43 +0200
commit: 69e8bb2e8d61a8e7b2a889eaae9722a4e5ed51c6 (patch)
tree: 1e4fbeded6b1cd5b456a21c594f80a212d7f2b89 /src/libcharon/plugins/eap_ttls/eap_ttls.c
parent: a2c12359691943ede12f7f515cbe97af1b193e7b (diff)
download: strongswan-69e8bb2e8d61a8e7b2a889eaae9722a4e5ed51c6.tar.bz2
strongswan-69e8bb2e8d61a8e7b2a889eaae9722a4e5ed51c6.tar.xz
1 files changed, 5 insertions, 0 deletions
diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls.c b/src/libcharon/plugins/eap_ttls/eap_ttls.c
index 35a529091..be9e3ea6b 100644
--- a/src/libcharon/plugins/eap_ttls/eap_ttls.c
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls.c
@@ -405,6 +405,11 @@ static eap_ttls_t *eap_ttls_create(identification_t *server,
 		.is_server = is_server,
 	);
 
+	if (is_server && !lib->settings->get_bool(lib->settings,
+							"charon.plugins.eap-ttls.request_peer_auth", FALSE))
+	{	/* don't request peer authentication */
+		peer = NULL;
+	}
 	this->tls = tls_create(is_server, server, peer,
 						   TLS_PURPOSE_EAP_TTLS, application);
 	if (!this->tls)
author	Martin Willi <martin@revosec.ch>	2010-08-24 11:34:43 +0200
committer	Martin Willi <martin@revosec.ch>	2010-08-24 11:34:43 +0200
commit	69e8bb2e8d61a8e7b2a889eaae9722a4e5ed51c6 (patch)
tree	1e4fbeded6b1cd5b456a21c594f80a212d7f2b89 /src/libcharon/plugins/eap_ttls/eap_ttls.c
parent	a2c12359691943ede12f7f515cbe97af1b193e7b (diff)
download	strongswan-69e8bb2e8d61a8e7b2a889eaae9722a4e5ed51c6.tar.bz2 strongswan-69e8bb2e8d61a8e7b2a889eaae9722a4e5ed51c6.tar.xz