Fixed AR identities in mutual TNC measurements case

diff --git a/src/libcharon/plugins/eap_tnc/eap_tnc.c b/src/libcharon/plugins/eap_tnc/eap_tnc.c
index f70f47ef6c3adb0bdccccdb72f3089fdc614e298..350001bb414a7b15f4ff413d4cb27bc91542f865 100644 (file)
--- a/src/libcharon/plugins/eap_tnc/eap_tnc.c
+++ b/src/libcharon/plugins/eap_tnc/eap_tnc.c
@@ -335,6 +335,10 @@ static eap_tnc_t *eap_tnc_create(identification_t *server,
                free(this);
                return NULL;
        }
+       if (!is_server)
+       {
+               tnccs->set_auth_type(tnccs, TNC_AUTH_X509_CERT);
+       }
        this->tnccs = tnccs->get_ref(tnccs);
        this->tls_eap = tls_eap_create(type, &tnccs->tls,
                                                                   EAP_TNC_MAX_MESSAGE_LEN,

diff --git a/src/libpttls/pt_tls_client.c b/src/libpttls/pt_tls_client.c
index 315129d7e01bbcba6d171bdc36a6e6d35283e237..bd5b96f7000706cf001e5b4a0f57605d31d836d5 100644 (file)
--- a/src/libpttls/pt_tls_client.c
+++ b/src/libpttls/pt_tls_client.c
@@ -450,6 +450,7 @@ METHOD(pt_tls_client_t, run_assessment, status_t,
        {
                return FAILED;
        }
+       tnccs->set_auth_type(tnccs, TNC_AUTH_X509_CERT);
 
        DBG1(DBG_TNC, "entering PT-TLS data transport phase");
        if (!assess(this, (tls_t*)tnccs))

diff --git a/src/libtnccs/plugins/tnc_tnccs/tnc_tnccs_manager.c b/src/libtnccs/plugins/tnc_tnccs/tnc_tnccs_manager.c
index 30e5052466f2ea343a054264ba97326b76629318..67c33ee63880c4c58e29fa81c6db6f3d3cc1fa4a 100644 (file)
--- a/src/libtnccs/plugins/tnc_tnccs/tnc_tnccs_manager.c
+++ b/src/libtnccs/plugins/tnc_tnccs/tnc_tnccs_manager.c
@@ -729,7 +729,9 @@ METHOD(tnccs_manager_t, get_attribute, TNC_Result,
                        list = linked_list_create();
                        tnccs = entry->tnccs;
 
-                       peer_id = tnccs->tls.get_peer_id(&tnccs->tls);
+                       peer_id = tnccs->tls.is_server(&tnccs->tls) ?
+                                       tnccs->tls.get_peer_id(&tnccs->tls) :
+                                       tnccs->tls.get_server_id(&tnccs->tls);
                        if (peer_id)
                        {
                                switch (peer_id->get_type(peer_id))
@@ -771,7 +773,9 @@ METHOD(tnccs_manager_t, get_attribute, TNC_Result,
                                }
                        }
 
-                       peer_ip = tnccs->get_peer_ip(tnccs);
+                       peer_ip = tnccs->tls.is_server(&tnccs->tls) ?
+                                       tnccs->get_peer_ip(tnccs) :
+                                       tnccs->get_server_ip(tnccs);
                        if (peer_ip)
                        {
                                switch (peer_ip->get_family(peer_ip))