If no identity (or %any) is configured, the identification_t object is
destroyed and an invalid object was associated with the created pubkey
certificate.
Actually, using %any does not work, as the certificate would not match
when the client later provides an identity.
identity = identity->clone(identity);
}
}
identity = identity->clone(identity);
}
}
+ /* add raw RSA public key */
+ pubkey = end->rsakey;
+ if (pubkey && !streq(pubkey, "") && !streq(pubkey, "%cert"))
+ {
+ certificate = this->cred->load_pubkey(this->cred, KEY_RSA, pubkey,
+ identity);
+ if (certificate)
+ {
+ cfg->add(cfg, AUTH_RULE_SUBJECT_CERT, certificate);
+ }
+ }
if (identity->get_type(identity) != ID_ANY)
{
cfg->add(cfg, AUTH_RULE_IDENTITY, identity);
if (identity->get_type(identity) != ID_ANY)
{
cfg->add(cfg, AUTH_RULE_IDENTITY, identity);
identity->destroy(identity);
}
identity->destroy(identity);
}
- /* add raw RSA public key */
- pubkey = end->rsakey;
- if (pubkey && !streq(pubkey, "") && !streq(pubkey, "%cert"))
- {
- certificate = this->cred->load_pubkey(this->cred, KEY_RSA, pubkey,
- identity);
- if (certificate)
- {
- cfg->add(cfg, AUTH_RULE_SUBJECT_CERT, certificate);
- }
- }
-
/* CA constraint */
if (ca)
{
/* CA constraint */
if (ca)
{
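Review bot: When `identity` is `ID_ANY`, the moved block still calls `load_pubkey()` and adds `AUTH_RULE_SUBJECT_CERT`, although the commit message says a key bound to %any will not match the identity the peer later presents. By that description the result fails closed, but silently: an operator who sets `rsakey` without an id gets a connection that cannot authenticate and no hint why, so I would log a warning when `identity->get_type(identity) == ID_ANY` at this point, or skip the load altogether. The block now also depends on running before `identity->destroy(identity)` in the lines below it; a comment such as `/* must precede the identity handling below: load_pubkey() is passed identity, which may be destroyed there */` would keep a later reorder from reintroducing the dangling pointer. A NULL return from `load_pubkey()` is dropped without any message in the visible lines; presumably the loader reports it itself, but that is worth confirming. The enclosing function starts and ends outside this hunk.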