author | Martin Willi <martin@revosec.ch> | 2010-08-24 11:34:43 +0200 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2010-08-24 11:34:43 +0200 |
commit | 69e8bb2e8d61a8e7b2a889eaae9722a4e5ed51c6 (patch) | |
tree | 1e4fbeded6b1cd5b456a21c594f80a212d7f2b89 /src/libcharon/plugins/eap_ttls | |
parent | a2c12359691943ede12f7f515cbe97af1b193e7b (diff) | |
Pass NULL peer identity to omit TLS peer authentication, added eap-ttls.request_peer_auth option
Diffstat (limited to 'src/libcharon/plugins/eap_ttls')
-rw-r--r-- | src/libcharon/plugins/eap_ttls/eap_ttls.c | 5 | ||||
-rw-r--r-- | src/libcharon/plugins/eap_ttls/eap_ttls_avp.c | 4 |
2 files changed, 7 insertions, 2 deletions
diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls.c b/src/libcharon/plugins/eap_ttls/eap_ttls.c
index 35a529091..be9e3ea6b 100644
--- a/src/libcharon/plugins/eap_ttls/eap_ttls.c
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls.c
@@ -405,6 +405,11 @@ static eap_ttls_t *eap_ttls_create(identification_t *server,
 .is_server = is_server,
 );
+ if (is_server && !lib->settings->get_bool(lib->settings,
+ "charon.plugins.eap-ttls.request_peer_auth", FALSE))
+ { /* don't request peer authentication */
+ peer = NULL;
+ }
 this->tls = tls_create(is_server, server, peer, TLS_PURPOSE_EAP_TTLS, application);
 if (!this->tls)
diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls_avp.c b/src/libcharon/plugins/eap_ttls/eap_ttls_avp.c
index a621ffc3e..0eb5e94be 100644
--- a/src/libcharon/plugins/eap_ttls/eap_ttls_avp.c
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls_avp.c
@@ -110,7 +110,7 @@ METHOD(eap_ttls_avp_t, process, status_t,
 }
 /* parse AVP header */
- header = tls_reader_create(this->input);
+ header = tls_reader_create(this->input);
 success = header->read_uint32(header, &avp_code) && header->read_uint8(header, &avp_flags) && header->read_uint24(header, &avp_len);
@@ -154,7 +154,7 @@ METHOD(eap_ttls_avp_t, process, status_t,
 this->inpos = 0;
 this->process_header = TRUE;
- return SUCCESS;
+ return SUCCESS;
 }
 METHOD(eap_ttls_avp_t, destroy, void, |
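Review bot: The new `get_bool(..., "charon.plugins.eap-ttls.request_peer_auth", FALSE)` check in eap_ttls_create defaults to off, so a server with no explicit setting passes `peer = NULL` to tls_create and, per the commit message, omits TLS peer authentication. If servers previously requested a client certificate here (the old call passed `peer` unchanged), existing deployments would lose that check silently on upgrade and rely on the tunneled inner method alone to authenticate the peer. I would state this at the check, e.g. `/* default off: peer is authenticated only by the tunneled EAP method unless request_peer_auth is set */`. The option and its default should also be described in the configuration documentation, which is not part of this diff (it is limited to eap_ttls). eap_ttls_create's body begins before and continues after the hunk, so any later use of the original `peer` value cannot be checked from here.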