From d8d8ed15cfd39b1203f2feb61148ced92571de45 Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Thu, 21 May 2015 12:17:36 +0200
Subject: [PATCH] WIP Without this the xauth-eap plugin, or rather the instantiated EAP method is not able to access the CA certificates in other credential sets as only an exclusive local set is loaded (in order to not affect the eap method which runs in the same thread). Another problem is that the server identity is not stored in the auth_cfg object that results from the XAuth exchange (add_auth_cfg() function in xauth.c), so the aaa_identity constraint check will eventually fail.
---
 src/libcharon/plugins/xauth_eap/xauth_eap.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/libcharon/plugins/xauth_eap/xauth_eap.c b/src/libcharon/plugins/xauth_eap/xauth_eap.c
index f21d02697c..40c485b4f9 100644
--- a/src/libcharon/plugins/xauth_eap/xauth_eap.c
+++ b/src/libcharon/plugins/xauth_eap/xauth_eap.c
@@ -133,7 +133,7 @@ static bool verify_eap(private_xauth_eap_t *this, eap_method_t *backend)
 while (TRUE)
 {
 /* credential set is active in frontend only, but not in backend */
- lib->credmgr->add_local_set(lib->credmgr, &this->cred->set, TRUE);
+ lib->credmgr->add_local_set(lib->credmgr, &this->cred->set, FALSE);
 status = frontend->process(frontend, request, &response);
 lib->credmgr->remove_local_set(lib->credmgr, &this->cred->set);
 request->destroy(request);
--
2.47.2
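Review bot: The comment above the changed `add_local_set()` call does not record that the set is now non-exclusive, which widens what `frontend->process()` can see beyond the CA certificates the commit message is after. With `FALSE`, lookups made by the frontend presumably fall through to every other registered credential set, so shared secrets and private keys from those sets become visible to it as well. It is worth confirming that the XAuth-supplied secret in `this->cred->set` still takes precedence over a same-identity secret from a global set, since otherwise the frontend could authenticate with a configured secret instead of the one the peer sent. I would extend the comment to something like `/* non-exclusive: frontend needs CA certificates from other sets; their secrets become visible too, this set must win for the XAuth identity */`. The body of `verify_eap()` starts and ends outside the hunk, so how the set is populated is not visible here.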