]> git.ipfire.org Git - thirdparty/strongswan.git/commit
projects / thirdparty / strongswan.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e98ea89) | patch
eap-authenticator: Assume IKE identity as EAP-Identity if client doesn't send one 2833-eap-empty-id
authorTobias Brunner <tobias@strongswan.org>
Mon, 14 Jul 2025 16:13:04 +0000 (18:13 +0200)
committerTobias Brunner <tobias@strongswan.org>
Mon, 14 Jul 2025 16:18:14 +0000 (18:18 +0200)
commit4f952e76a72204b12e30fd9b7afa7b48daa57207
treec2ab091a0d1ff12d713bd928d533d27cb1cae0dbtree
parente98ea89d99fd6b2c31dae4673d8c44c8059498cecommit | diff
eap-authenticator: Assume IKE identity as EAP-Identity if client doesn't send one

Apparently, some clients (e.g. native Android) just send an empty
EAP-Identity response.  We silently ignored that previously and then
used the IKE identity for the actual EAP method.  This change tries to
do something similar (i.e. don't fail if the response is empty), but by
assuming the IKE identity as EAP-Identity, we match that and possibly
can switch configs.

Fixes: 2f2e4abe3c52 ("ikev2: Add support to switch peer configs based on EAP-Identities")
src/libcharon/sa/ikev2/authenticators/eap_authenticator.c diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.