From 69e8bb2e8d61a8e7b2a889eaae9722a4e5ed51c6 Mon Sep 17 00:00:00 2001
From: Martin Willi
Date: Tue, 24 Aug 2010 11:34:43 +0200
Subject: Pass NULL peer identity to omit TLS peer authentication, added eap-ttls.request_peer_auth option
---
 src/libcharon/plugins/eap_ttls/eap_ttls.c | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'src/libcharon/plugins/eap_ttls/eap_ttls.c')
diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls.c b/src/libcharon/plugins/eap_ttls/eap_ttls.c
index 35a529091..be9e3ea6b 100644
--- a/src/libcharon/plugins/eap_ttls/eap_ttls.c
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls.c
@@ -405,6 +405,11 @@ static eap_ttls_t *eap_ttls_create(identification_t *server,
 .is_server = is_server,
 );
+ if (is_server && !lib->settings->get_bool(lib->settings,
+ "charon.plugins.eap-ttls.request_peer_auth", FALSE))
+ { /* don't request peer authentication */
+ peer = NULL;
+ }
 this->tls = tls_create(is_server, server, peer,
 TLS_PURPOSE_EAP_TTLS, application);
 if (!this->tls)
--
cgit v1.2.3
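Review bot: With the default of `FALSE` in the added `get_bool()` call, a server stops requesting TLS peer authentication unless `charon.plugins.eap-ttls.request_peer_auth` is set, so a deployment that relied on a client identity check at the TLS layer would lose it on upgrade with no configuration change and no log line. The diffstat shows only eap_ttls.c changed, so the new option appears to be undocumented in this commit; it should be described with the other plugin options, and the block deserves a fuller comment such as `/* request_peer_auth unset: pass no peer identity, so TLS peer authentication is omitted; the peer is presumably authenticated only inside the tunnel */`. A debug message at the point where `peer` is cleared would make the effective policy visible to an operator. `eap_ttls_create` starts and continues outside the hunk, so whether `peer` is used again after the `tls_create()` call cannot be seen from here.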