2 files changed, 15 insertions, 0 deletions

diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c
index 4f2f58e86..dc2c57e9c 100644
--- a/src/libcharon/plugins/stroke/stroke_config.c
+++ b/src/libcharon/plugins/stroke/stroke_config.c
@@ -429,6 +429,20 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this,
 		enumerator->destroy(enumerator);
 	}
 
+	/* certificatePolicies */
+	if (end->cert_policy)
+	{
+		enumerator_t *enumerator;
+		char *policy;
+
+		enumerator = enumerator_create_token(end->cert_policy, ",", " ");
+		while (enumerator->enumerate(enumerator, &policy))
+		{
+			cfg->add(cfg, AUTH_RULE_CERT_POLICY, strdup(policy));
+		}
+		enumerator->destroy(enumerator);
+	}
+
 	/* authentication metod (class, actually) */
 	if (streq(auth, "pubkey") ||
 		streq(auth, "rsasig") || streq(auth, "rsa") ||
diff --git a/src/libcharon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c
index 3762ffcad..18e77905d 100644
--- a/src/libcharon/plugins/stroke/stroke_socket.c
+++ b/src/libcharon/plugins/stroke/stroke_socket.c
@@ -151,6 +151,7 @@ static void pop_end(stroke_msg_t *msg, const char* label, stroke_end_t *end)
 	pop_string(msg, &end->ca);
 	pop_string(msg, &end->ca2);
 	pop_string(msg, &end->groups);
+	pop_string(msg, &end->cert_policy);
 	pop_string(msg, &end->updown);
 
 	DBG2(DBG_CFG, "  %s=%s", label, end->address);