]> git.ipfire.org Git - thirdparty/strongswan.git/commitdiff
projects / thirdparty / strongswan.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d5606ec)
tls-server: Use subject DN as peer identity if it was ID_ANY
authorTobias Brunner <tobias@strongswan.org>
Thu, 18 Feb 2021 11:31:17 +0000 (12:31 +0100)
committerTobias Brunner <tobias@strongswan.org>
Thu, 18 Feb 2021 11:34:05 +0000 (12:34 +0100)
To request client authentication if we don't know the client's identity,
it's possible to use ID_ANY.  However, if we don't change the identity
get_peer_id() would still report ID_ANY after the authentication.

src/libtls/tls_server.c patch | blob | blame | history

diff --git a/src/libtls/tls_server.c b/src/libtls/tls_server.c
index 687fd0ce231fb521ddd6c3dd2123d92a4bbd7a46..247b9f636b6021aab42f44be95571996afda57ea 100644 (file)
--- a/src/libtls/tls_server.c
+++ b/src/libtls/tls_server.c
@@ -729,6 +729,12 @@ static status_t process_certificate(private_tls_server_t *this,
                                DBG1(DBG_TLS, "received TLS peer certificate '%Y'",
                                         cert->get_subject(cert));
                                first = FALSE;
+                               if (this->peer && this->peer->get_type(this->peer) == ID_ANY)
+                               {
+                                       this->peer->destroy(this->peer);
+                                       this->peer = cert->get_subject(cert);
+                                       this->peer = this->peer->clone(this->peer);
+                               }
                        }
                        else
                        {
Unnamed repository; edit this file 'description' to name the repository.