From: Tobias Brunner <tobias@strongswan.org>
Date: Wed, 4 Jul 2018 09:17:04 +0000 (+0200)
Subject: android: Don't enforce the server address as AAA identity for EAP-PEAP/TTLS
X-Git-Tag: 5.7.0dr5~17
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=485d202adc28af83fdb75f5d3d080345afe5c642;p=thirdparty%2Fstrongswan.git

android: Don't enforce the server address as AAA identity for EAP-PEAP/TTLS

This is similar to EAP-TLS.  We could probably make this configurable
later.
---

diff --git a/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c b/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c
index a1a51b7b52..a6b45059eb 100644
--- a/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c
+++ b/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c
@@ -640,6 +640,9 @@ static void add_auth_cfg_pw(private_android_service_t *this,
 	{	/* use EAP-TTLS if BYOD is enabled */
 		auth->add(auth, AUTH_RULE_EAP_TYPE, EAP_TTLS);
 	}
+	/* in case EAP-PEAP or EAP-TTLS is used we currently accept any identity */
+	auth->add(auth, AUTH_RULE_AAA_IDENTITY,
+			  identification_create_from_string("%any"));
 
 	username = this->settings->get_str(this->settings, "connection.username",
 									   NULL);