From 1ecec95dff4036cf6a4a5d0347b3247fc71ce0b0 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Wed, 3 Feb 2016 15:16:48 +0100 Subject: [PATCH] vici: Add support for pubkey constraints with EAP-TLS This is a feature currently supported by stroke. --- src/libcharon/plugins/vici/vici_config.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c index 7711fa0cbd..181b14b406 100644 --- a/src/libcharon/plugins/vici/vici_config.c +++ b/src/libcharon/plugins/vici/vici_config.c @@ -982,8 +982,16 @@ CALLBACK(parse_auth, bool, } if (strcasepfx(buf, "eap")) { + char *pos; + cfg->add(cfg, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_EAP); + pos = strchr(buf, ':'); + if (pos) + { + *pos = 0; + cfg->add_pubkey_constraints(cfg, pos + 1, FALSE); + } type = eap_vendor_type_from_string(buf); if (type) { -- 2.47.3