From: Tobias Brunner <tobias@strongswan.org>
Date: Wed, 3 Feb 2016 14:16:48 +0000 (+0100)
Subject: vici: Add support for pubkey constraints with EAP-TLS
X-Git-Tag: 5.4.0dr8~10^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1ecec95dff4036cf6a4a5d0347b3247fc71ce0b0;p=thirdparty%2Fstrongswan.git

vici: Add support for pubkey constraints with EAP-TLS

This is a feature currently supported by stroke.
---

diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c
index 7711fa0cbd..181b14b406 100644
--- a/src/libcharon/plugins/vici/vici_config.c
+++ b/src/libcharon/plugins/vici/vici_config.c
@@ -982,8 +982,16 @@ CALLBACK(parse_auth, bool,
 	}
 	if (strcasepfx(buf, "eap"))
 	{
+		char *pos;
+
 		cfg->add(cfg, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_EAP);
 
+		pos = strchr(buf, ':');
+		if (pos)
+		{
+			*pos = 0;
+			cfg->add_pubkey_constraints(cfg, pos + 1, FALSE);
+		}
 		type = eap_vendor_type_from_string(buf);
 		if (type)
 		{