charon-xpc: Set AUTH_RULE_IDENTITY_LOOSE on responder config

This allows the server to use a different IKE identity as long as the
configured hostname is contained in the certificate.

diff --git a/src/frontends/osx/charon-xpc/xpc_dispatch.c b/src/frontends/osx/charon-xpc/xpc_dispatch.c
index dd7ce1531ec0be3cd12c44188caabf0d1218da49..564fd6e7d9461cddad179c94f3e50c0684a21d32 100644 (file)
--- a/src/frontends/osx/charon-xpc/xpc_dispatch.c
+++ b/src/frontends/osx/charon-xpc/xpc_dispatch.c
@@ -110,6 +110,10 @@ static void add_auth_cfg(peer_cfg_t *peer_cfg, bool local,
        auth = auth_cfg_create();
        auth->add(auth, AUTH_RULE_AUTH_CLASS, class);
        auth->add(auth, AUTH_RULE_IDENTITY, identification_create_from_string(id));
+       if (!local)
+       {
+               auth->add(auth, AUTH_RULE_IDENTITY_LOOSE, TRUE);
+       }
        peer_cfg->add_auth_cfg(peer_cfg, auth, local);
 }