charon-cmd: Only use loose identity matching if no IDr is configured

diff --git a/src/charon-cmd/cmd/cmd_connection.c b/src/charon-cmd/cmd/cmd_connection.c
index aaf02c6c787dece58536833ddb9afbc1117c2cfd..cb166009015c41e6859aff3c38dc8293ba7e35f5 100644 (file)
--- a/src/charon-cmd/cmd/cmd_connection.c
+++ b/src/charon-cmd/cmd/cmd_connection.c
@@ -247,8 +247,9 @@ static void add_auth_cfg(private_cmd_connection_t *this, peer_cfg_t *peer_cfg,
                else
                {
                        id = identification_create_from_string(this->host);
+                       /* only use this if remote ID was not configured explicitly */
+                       auth->add(auth, AUTH_RULE_IDENTITY_LOOSE, TRUE);
                }
-               auth->add(auth, AUTH_RULE_IDENTITY_LOOSE, TRUE);
        }
        auth->add(auth, AUTH_RULE_IDENTITY, id);
        peer_cfg->add_auth_cfg(peer_cfg, auth, local);