From: Tobias Brunner
Date: Thu, 21 May 2015 10:17:36 +0000 (+0200)
Subject: WIP
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=refs%2Fheads%2Fxauth-aaa-identity;p=thirdparty%2Fstrongswan.git
WIP
Without this the xauth-eap plugin, or rather the instantiated EAP method is not able to access the CA certificates in other credential sets as only an exclusive local set is loaded (in order to not affect the eap method which runs in the same thread). Another problem is that the server identity is not stored in the auth_cfg object that results from the XAuth exchange (add_auth_cfg() function in xauth.c), so the aaa_identity constraint check will eventually fail.
---
diff --git a/src/libcharon/plugins/xauth_eap/xauth_eap.c b/src/libcharon/plugins/xauth_eap/xauth_eap.c
index f21d02697c..40c485b4f9 100644
--- a/src/libcharon/plugins/xauth_eap/xauth_eap.c
+++ b/src/libcharon/plugins/xauth_eap/xauth_eap.c
@@ -133,7 +133,7 @@ static bool verify_eap(private_xauth_eap_t *this, eap_method_t *backend)
 while (TRUE)
 {
 /* credential set is active in frontend only, but not in backend */
- lib->credmgr->add_local_set(lib->credmgr, &this->cred->set, TRUE);
+ lib->credmgr->add_local_set(lib->credmgr, &this->cred->set, FALSE);
 status = frontend->process(frontend, request, &response);
 lib->credmgr->remove_local_set(lib->credmgr, &this->cred->set);
 request->destroy(request);
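Review bot: Passing `FALSE` to `add_local_set()` makes the frontend's credential lookups non-exclusive for every credential type, not only for the CA certificates the description is concerned with, and the retained comment `/* credential set is active in frontend only, but not in backend */` no longer tells the reader that. If the manager consults the other sets for shared secrets as well (the lookup order is not visible in this hunk), a secret configured elsewhere for the same identity could be used by the frontend alongside the XAuth-supplied one, so it is worth confirming that `this->cred->set` still takes precedence. I would extend the comment to something like `/* local set is non-exclusive so the frontend can reach CA certificates in other sets; it must still win for the XAuth secret */`. The body of `verify_eap()` starts and ends outside the hunk, so how `this->cred` is populated cannot be checked here.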