Load raw keys before possibly destroying the identity
authorTobias Brunner <tobias@strongswan.org>
Mon, 1 Apr 2013 11:46:23 +0000 (13:46 +0200)
committerTobias Brunner <tobias@strongswan.org>
Mon, 1 Apr 2013 11:48:34 +0000 (13:48 +0200)
If no identity (or %any) is configured, the identification_t object is
destroyed, so an invalid object was associated with the created pubkey
certificate.
Actually using %any does not work as the certificate would not match
when the client later provides an identity.

src/libcharon/plugins/stroke/stroke_config.c

index 5970e7cf36456380f916aa178d1bfe17a2819bd9..86f0fe431aa00e931a00eb4ec902f94fd5ba2d09 100644 (file)
@@ -485,6 +485,17 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this,
                        identity = identity->clone(identity);
                }
        }
+       /* add raw RSA public key */
+       pubkey = end->rsakey;
+       if (pubkey && !streq(pubkey, "") && !streq(pubkey, "%cert"))
+       {
+               certificate = this->cred->load_pubkey(this->cred, KEY_RSA, pubkey,
+                                                                                         identity);
+               if (certificate)
+               {
+                       cfg->add(cfg, AUTH_RULE_SUBJECT_CERT, certificate);
+               }
+       }
        if (identity->get_type(identity) != ID_ANY)
        {
                cfg->add(cfg, AUTH_RULE_IDENTITY, identity);
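Review bot: The moved load_pubkey call still receives identity when its type is ID_ANY, and that identity is destroyed a few lines later (the `identity->destroy(identity)` in the next hunk), so whether the pubkey certificate keeps a valid subject now depends on load_pubkey cloning or otherwise not retaining the pointer — worth confirming against the credential manager rather than relying on the order alone. Since the description states a %any subject can never match an identity the client provides later, skipping the load when `identity->get_type(identity) == ID_ANY` and logging why would make the misconfiguration visible instead of silently producing an unusable certificate. The ordering dependency this move introduces should be stated at the added block, e.g. `/* add raw RSA public key (must run before identity is possibly destroyed below) */`. build_auth_cfg starts and ends outside this hunk; the second hunk is only the removal half of the move.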
@@ -498,18 +509,6 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this,
                identity->destroy(identity);
        }
 
-       /* add raw RSA public key */
-       pubkey = end->rsakey;
-       if (pubkey && !streq(pubkey, "") && !streq(pubkey, "%cert"))
-       {
-               certificate = this->cred->load_pubkey(this->cred, KEY_RSA, pubkey,
-                                                                                         identity);
-               if (certificate)
-               {
-                       cfg->add(cfg, AUTH_RULE_SUBJECT_CERT, certificate);
-               }
-       }
-
        /* CA constraint */
        if (ca)
        {