Use the group constraint in a more generic fashion, not only for attribute certificates

2 files changed, 4 insertions, 5 deletions

diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c
index 41bf5d1a1..ded7ac4f5 100644
--- a/src/libcharon/plugins/stroke/stroke_config.c
+++ b/src/libcharon/plugins/stroke/stroke_config.c
@@ -413,7 +413,7 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this,
 		}
 	}
 
-	/* AC groups */
+	/* groups */
 	if (end->groups)
 	{
 		enumerator_t *enumerator;
@@ -422,9 +422,8 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this,
 		enumerator = enumerator_create_token(end->groups, ",", " ");
 		while (enumerator->enumerate(enumerator, &group))
 		{
-			identity = identification_create_from_encoding(ID_IETF_ATTR_STRING,
-											chunk_create(group, strlen(group)));
-			cfg->add(cfg, AUTH_RULE_AC_GROUP, identity);
+			cfg->add(cfg, AUTH_RULE_GROUP,
+					 identification_create_from_string(group));
 		}
 		enumerator->destroy(enumerator);
 	}
diff --git a/src/libcharon/plugins/stroke/stroke_list.c b/src/libcharon/plugins/stroke/stroke_list.c
index 153828ae8..9981d45fc 100644
--- a/src/libcharon/plugins/stroke/stroke_list.c
+++ b/src/libcharon/plugins/stroke/stroke_list.c
@@ -373,7 +373,7 @@ static void log_auth_cfgs(FILE *out, peer_cfg_t *peer_cfg, bool local)
 		rules = auth->create_enumerator(auth);
 		while (rules->enumerate(rules, &rule, &id))
 		{
-			if (rule == AUTH_RULE_AC_GROUP)
+			if (rule == AUTH_RULE_GROUP)
 			{
 				fprintf(out, "%12s:    group: %Y\n", name, id);
 			}