From: Andreas Steffen
Date: Sat, 15 Aug 2015 20:46:21 +0000 (+0200)
Subject: Fixed AR identities in mutual TNC measurements case
X-Git-Tag: 5.3.3dr5~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a330f72ecfd4b798efa0d4db63a7f4917e29e8be;p=thirdparty%2Fstrongswan.git
Fixed AR identities in mutual TNC measurements case
---
diff --git a/src/libcharon/plugins/eap_tnc/eap_tnc.c b/src/libcharon/plugins/eap_tnc/eap_tnc.c
index f70f47ef6c..350001bb41 100644
--- a/src/libcharon/plugins/eap_tnc/eap_tnc.c
+++ b/src/libcharon/plugins/eap_tnc/eap_tnc.c
@@ -335,6 +335,10 @@ static eap_tnc_t *eap_tnc_create(identification_t *server,
 free(this);
 return NULL;
 }
+ if (!is_server)
+ {
+ tnccs->set_auth_type(tnccs, TNC_AUTH_X509_CERT);
+ }
 this->tnccs = tnccs->get_ref(tnccs);
 this->tls_eap = tls_eap_create(type, &tnccs->tls, EAP_TNC_MAX_MESSAGE_LEN,
diff --git a/src/libpttls/pt_tls_client.c b/src/libpttls/pt_tls_client.c
index 315129d7e0..bd5b96f700 100644
--- a/src/libpttls/pt_tls_client.c
+++ b/src/libpttls/pt_tls_client.c
@@ -450,6 +450,7 @@ METHOD(pt_tls_client_t, run_assessment, status_t,
 {
 return FAILED;
 }
+ tnccs->set_auth_type(tnccs, TNC_AUTH_X509_CERT);
 DBG1(DBG_TNC, "entering PT-TLS data transport phase");
 if (!assess(this, (tls_t*)tnccs))
diff --git a/src/libtnccs/plugins/tnc_tnccs/tnc_tnccs_manager.c b/src/libtnccs/plugins/tnc_tnccs/tnc_tnccs_manager.c
index 30e5052466..67c33ee638 100644
--- a/src/libtnccs/plugins/tnc_tnccs/tnc_tnccs_manager.c
+++ b/src/libtnccs/plugins/tnc_tnccs/tnc_tnccs_manager.c
@@ -729,7 +729,9 @@ METHOD(tnccs_manager_t, get_attribute, TNC_Result,
 list = linked_list_create();
 tnccs = entry->tnccs;
- peer_id = tnccs->tls.get_peer_id(&tnccs->tls);
+ peer_id = tnccs->tls.is_server(&tnccs->tls) ?
+ tnccs->tls.get_peer_id(&tnccs->tls) :
+ tnccs->tls.get_server_id(&tnccs->tls);
 if (peer_id)
 {
 switch (peer_id->get_type(peer_id))
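Review bot: `TNC_AUTH_X509_CERT` is hard-coded in the new `if (!is_server)` branch of `eap_tnc_create()` with no comment saying why a certificate is the right authentication type to record on the client side; the unconditional call added to `run_assessment` in pt_tls_client.c has the same gap. The value presumably feeds the AR identities that `get_attribute` in tnc_tnccs_manager.c builds, so a label that does not match how the server was actually authenticated would mislead any policy that relies on it. I would add a comment above each call, e.g. `/* mutual measurements: the AR seen from the client is the server, which authenticates with its X.509 certificate */`, and confirm that this holds for every configuration that reaches these paths. `eap_tnc_create()` starts and ends outside the hunk, so whether an earlier check already guarantees this cannot be seen here.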
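Review bot: After this change `peer_id` holds the server's identity whenever `is_server()` returns false, and `peer_ip` in the following hunk (`@@ -771,7 +773,9`) likewise holds the server's address, so both names now mislead and the same role test is written twice. Evaluating it once into a local, e.g. `bool is_server = tnccs->tls.is_server(&tnccs->tls);`, with a comment such as `/* AR identity is the remote end: the peer on the server side, the server on the client side */`, would keep the two selections in step. That comment should also state whether the value returned by `get_server_id()` is the identity verified during the TLS handshake or only the one configured locally; this is not visible in the hunk, and the result is reported as an AR identity. The enclosing `get_attribute` case begins and ends outside both hunks.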
@@ -771,7 +773,9 @@ METHOD(tnccs_manager_t, get_attribute, TNC_Result,
 }
 }
- peer_ip = tnccs->get_peer_ip(tnccs);
+ peer_ip = tnccs->tls.is_server(&tnccs->tls) ?
+ tnccs->get_peer_ip(tnccs) :
+ tnccs->get_server_ip(tnccs);
 if (peer_ip)
 {
 switch (peer_ip->get_family(peer_ip))