From: Martin Willi <martin@revosec.ch>
Date: Fri, 1 Nov 2013 11:05:48 +0000 (+0100)
Subject: charon-xpc: Set AUTH_RULE_IDENTITY_LOOSE on responder config
X-Git-Tag: 5.1.2dr1~44
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=10900ed7e7a217c9c56da325083be5879ecf41d1;p=thirdparty%2Fstrongswan.git

charon-xpc: Set AUTH_RULE_IDENTITY_LOOSE on responder config

This allows the server to use a different IKE identity as long as the
configured hostname is contained in the certificate.
---

diff --git a/src/frontends/osx/charon-xpc/xpc_dispatch.c b/src/frontends/osx/charon-xpc/xpc_dispatch.c
index dd7ce1531e..564fd6e7d9 100644
--- a/src/frontends/osx/charon-xpc/xpc_dispatch.c
+++ b/src/frontends/osx/charon-xpc/xpc_dispatch.c
@@ -110,6 +110,10 @@ static void add_auth_cfg(peer_cfg_t *peer_cfg, bool local,
 	auth = auth_cfg_create();
 	auth->add(auth, AUTH_RULE_AUTH_CLASS, class);
 	auth->add(auth, AUTH_RULE_IDENTITY, identification_create_from_string(id));
+	if (!local)
+	{
+		auth->add(auth, AUTH_RULE_IDENTITY_LOOSE, TRUE);
+	}
 	peer_cfg->add_auth_cfg(peer_cfg, auth, local);
 }