/* Implemented in tls_server.c */
bool tls_write_key_share(bio_writer_t **key_share, diffie_hellman_t *dh);
-public_key_t *tls_find_public_key(auth_cfg_t *peer_auth);
+public_key_t *tls_find_public_key(auth_cfg_t *peer_auth, identification_t *id);
/**
* Verify the DH group/key type requested by the server is valid.
public_key_t *public;
chunk_t msg;
- public = tls_find_public_key(this->server_auth);
+ public = tls_find_public_key(this->server_auth, this->server);
if (!public)
{
DBG1(DBG_TLS, "no trusted certificate found for '%Y' to verify TLS server",
this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
return NEED_MORE;
}
- public = tls_find_public_key(this->server_auth);
+ public = tls_find_public_key(this->server_auth, this->server);
if (!public)
{
DBG1(DBG_TLS, "no TLS public key found for server '%Y'", this->server);
return NEED_MORE;
}
- public = tls_find_public_key(this->server_auth);
+ public = tls_find_public_key(this->server_auth, this->server);
if (!public)
{
DBG1(DBG_TLS, "no TLS public key found for server '%Y'", this->server);
return NEED_MORE;
}
- public = tls_find_public_key(this->server_auth);
+ public = tls_find_public_key(this->server_auth, this->server);
if (!public)
{
DBG1(DBG_TLS, "no TLS public key found for server '%Y'", this->server);
/**
* Find a trusted public key to encrypt/verify key exchange data
*/
-public_key_t *tls_find_public_key(auth_cfg_t *peer_auth)
+public_key_t *tls_find_public_key(auth_cfg_t *peer_auth, identification_t *id)
{
public_key_t *public = NULL, *current;
certificate_t *cert, *found;
if (cert)
{
enumerator = lib->credmgr->create_public_enumerator(lib->credmgr,
- KEY_ANY, cert->get_subject(cert),
- peer_auth, TRUE);
+ KEY_ANY, id, peer_auth, TRUE);
while (enumerator->enumerate(enumerator, ¤t, &auth))
{
found = auth->get(auth, AUTH_RULE_SUBJECT_CERT);
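Review bot: The doc comment above the new signature still describes only the old contract, while `id` now decides which trusted keys are enumerated (it replaces `cert->get_subject(cert)` in the create_public_enumerator call), so the comment should state what the caller must supply, e.g. `@param peer_auth auth config carrying the peer's certificate`, `@param id identity the returned key must be trusted for`, `@return trusted public key, NULL if none matches`. Whether create_public_enumerator accepts a NULL `id` is not visible here; if the identity can be unset at the call sites (they pass `this->server` and `this->peer`), an explicit guard or a documented precondition is warranted, since a missing identity should fail the lookup rather than widen it. The body of tls_find_public_key continues outside the hunk, and the `¤t` on the enumerate line appears to be a rendering artifact of `&current` rather than code.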
public_key_t *public;
chunk_t msg;
- public = tls_find_public_key(this->peer_auth);
+ public = tls_find_public_key(this->peer_auth, this->peer);
if (!public)
{
DBG1(DBG_TLS, "no trusted certificate found for '%Y' to verify TLS peer",