git.ipfire.org Git - people/ms/strongswan.git/commit
libtls: Enforce client/server identity when looking for public key
author Tobias Brunner <tobias@strongswan.org>
Wed, 2 Feb 2022 17:39:20 +0000 (18:39 +0100)
committer Tobias Brunner <tobias@strongswan.org>
Tue, 15 Feb 2022 15:53:25 +0000 (16:53 +0100)
commit e4b4aabc4996fc61c37deab7858d07bc4d220136
tree 36e83246a9986c40498c796dc8d137a33cc7741e
parent 3f7d40d3b5de3e7910d2fa00bf6b383f40ac6fa0
libtls: Enforce client/server identity when looking for public key

The client already enforces that the server identity is contained in the
received certificate.  But on the server, the referenced commit changed
the lookup from the configured (or adopted if %any was configured) client
identity to the subject DN of the received client certificate.  So any
client with a trusted certificate was accepted.

Fixes: d2fc9b0961c6 ("tls-server: Mutual authentication support for TLS 1.3")
Closes strongswan/strongswan#873
src/libtls/tls_peer.c
src/libtls/tls_server.c
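The failure the commit message describes, modelled as an added example (this is not strongSwan's code and none of the names below are its API): a mutual-TLS server that keys its public-key lookup on the received certificate's subject DN accepts any client holding a trusted certificate, whereas keying the lookup on the configured client identity (adopted from the certificate only when %any is configured) rejects a trusted-but-wrong client. Certificates and the trust store are constructed toy data.

```python
"""Toy model of the libtls client-identity check before and after the fix.

Certificates are plain records, not X.509, and the trust store is just a set of
trusted subject DNs; the point is which identity the lookup is keyed on.
"""
from dataclasses import dataclass

ANY = "%any"  # configured wildcard: adopt whatever identity the peer presents


@dataclass(frozen=True)
class Cert:
    subject: str            # subject DN, e.g. "CN=alice"
    sans: tuple = ()        # subjectAltNames the cert also asserts

    def identities(self) -> tuple:
        return (self.subject,) + tuple(self.sans)


# Constructed trust store: clients whose certificates chain to our CA.
TRUSTED = frozenset({"CN=alice", "CN=bob"})


def accept_by_subject(configured: str, cert: Cert, trusted=TRUSTED) -> bool:
    """Regressed behaviour: the key lookup uses the certificate's own subject
    DN, so the configured client identity never takes part in the decision."""
    return cert.subject in trusted


def accept_by_configured_id(configured: str, cert: Cert,
                            trusted=TRUSTED) -> bool:
    """Fixed behaviour: the certificate must be trusted AND contain the
    configured identity; with %any the identity is adopted from the cert."""
    if cert.subject not in trusted:
        return False
    if configured == ANY:
        return True
    return configured in cert.identities()


def compare(configured: str, cert: Cert) -> tuple:
    """Returns (regressed verdict, fixed verdict) for one handshake."""
    return accept_by_subject(configured, cert), accept_by_configured_id(configured, cert)
```

The interesting case is a server configured for CN=alice receiving Bob's perfectly valid certificate: the subject-keyed lookup returns True, the identity-keyed lookup returns False.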