authorTobias Brunner <tobias@strongswan.org>2012-09-18 11:16:10 +0200
committerTobias Brunner <tobias@strongswan.org>2012-09-18 11:16:10 +0200
commit3a8852c76fd009e11e78ea377796376b1b770da6 (patch)
tree00fdd536664456f60fcaf3468018de66626ad4bd /src/libcharon/sa/ikev2
parentcf1ec852073b35c28a47aae6979d7143dcc5e2ed (diff)
Add AUTH_RULE_IDENTITY_LOOSE which allows to use IDr loosely as initiator
If it is set on an auth config, IDr will not be sent, and later the configured identity will be checked not only against the returned IDr but also against the other identities contained in the responder's certificate.
Diffstat (limited to 'src/libcharon/sa/ikev2')
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_auth.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth.c b/src/libcharon/sa/ikev2/tasks/ike_auth.c
index 7d462f1a7..cd94ccd9e 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_auth.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_auth.c
@@ -408,7 +408,8 @@ METHOD(task_t, build_i, status_t,
if (cfg)
{
idr = cfg->get(cfg, AUTH_RULE_IDENTITY);
- if (idr && !idr->contains_wildcards(idr))
+ if (!cfg->get(cfg, AUTH_RULE_IDENTITY_LOOSE) && idr &&
+ !idr->contains_wildcards(idr))
{
this->ike_sa->set_other_id(this->ike_sa, idr->clone(idr));
id_payload = id_payload_create_from_identification(
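Review bot: The new condition in build_i skips both the IDr payload and the `set_other_id()` call when AUTH_RULE_IDENTITY_LOOSE is set, so the expected responder identity is no longer pinned on the IKE_SA at this point. Enforcement then rests entirely on the later check named in the commit message, which is outside this hunk and outside the directory this diff is limited to. It is worth confirming that this check fails closed when neither the returned IDr nor any certificate identity matches, and that it behaves sensibly when the responder authenticates without a certificate. A comment above the condition would make the dependency explicit, for example `/* IDENTITY_LOOSE: do not send IDr; the configured identity is verified later against the returned IDr and the certificate's identities */`. The body of build_i starts and ends outside the hunk, so the handling of the not-taken branch cannot be judged from here.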