]> git.ipfire.org Git - thirdparty/strongswan.git/commitdiff
projects / thirdparty / strongswan.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 49b1fdb)
Authenticate ISA using certificates
authorAdrian-Ken Rueegsegger <ken@codelabs.ch>
Wed, 7 Nov 2012 16:55:47 +0000 (17:55 +0100)
committerTobias Brunner <tobias@strongswan.org>
Tue, 19 Mar 2013 14:23:49 +0000 (15:23 +0100)
The authentication of the ISA is now done using the certificate provided
by the peer.

src/charon-tkm/src/tkm/tkm_listener.c patch | blob | blame | history

diff --git a/src/charon-tkm/src/tkm/tkm_listener.c b/src/charon-tkm/src/tkm/tkm_listener.c
index 5820990f4844ed6d324df80f52cb92bda045832f..cab9b4e05cf8fd86366300086147bc6135c88bf9 100644 (file)
--- a/src/charon-tkm/src/tkm/tkm_listener.c
+++ b/src/charon-tkm/src/tkm/tkm_listener.c
@@ -202,9 +202,19 @@ METHOD(listener_t, authorize, bool,
                *success = FALSE;
        }
 
+       const chunk_t * const other_init_msg = keymat->get_peer_init_msg(keymat);
+       if (!other_init_msg->ptr)
+       {
+               DBG1(DBG_IKE, "no peer init message available");
+               *success = FALSE;
+       }
+
        signature_type signature;
        chunk_to_sequence(auth, &signature, sizeof(signature_type));
-       if (ike_isa_auth_psk(isa_id, signature) != TKM_OK)
+       init_message_type init_msg;
+       chunk_to_sequence(other_init_msg, &init_msg, sizeof(init_message_type));
+
+       if (ike_isa_auth(isa_id, cc_id, init_msg, signature) != TKM_OK)
        {
                DBG1(DBG_IKE, "TKM based authentication failed"
                         " for ISA context %llu", isa_id);
Unnamed repository; edit this file 'description' to name the repository.