From: Tobias Brunner <tobias@strongswan.org>
Date: Wed, 5 Jul 2017 15:17:13 +0000 (+0200)
Subject: auth-cfg: Don't limit subjectAltName check to received certificates
X-Git-Tag: 5.6.0dr4~8
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=0b756fbe95ef02b06a62974b01be163cb8d975d6;p=thirdparty%2Fstrongswan.git

auth-cfg: Don't limit subjectAltName check to received certificates

Otherwise this won't work if the certificate is only locally available.
---

diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c
index a9c8b39042..07da596e4c 100644
--- a/src/libstrongswan/credentials/auth_cfg.c
+++ b/src/libstrongswan/credentials/auth_cfg.c
@@ -840,7 +840,7 @@ METHOD(auth_cfg_t, complies, bool,
 					{	/* also verify identity against subjectAltNames */
 						certificate_t *cert;
 
-						cert = get(this, AUTH_HELPER_SUBJECT_CERT);
+						cert = get(this, AUTH_RULE_SUBJECT_CERT);
 						if (cert && cert->has_subject(cert, id1))
 						{
 							break;