Delegate tls_t.get_{peer,server}_id to handshake layer
[strongswan.git] / src / libtls / tls_peer.c
index 622df40..b429da3 100644 (file)
@@ -665,6 +665,8 @@ METHOD(tls_handshake_t, process, status_t,
                        {
                                return process_certreq(this, reader);
                        }
+                       /* no cert request, server does not want to authenticate us */
+                       DESTROY_IF(this->peer);
                        this->peer = NULL;
                        /* fall through since TLS_CERTIFICATE_REQUEST is optional */
                case STATE_CERTREQ_RECEIVED:
@@ -850,6 +852,7 @@ static status_t send_certificate(private_tls_peer_t *this,
        {
                DBG1(DBG_TLS, "no TLS peer certificate found for '%Y', "
                         "skipping client authentication", this->peer);
+               this->peer->destroy(this->peer);
                this->peer = NULL;
        }
 
@@ -1132,11 +1135,25 @@ METHOD(tls_handshake_t, finished, bool,
        return this->state == STATE_FINISHED_RECEIVED;
 }
 
+METHOD(tls_handshake_t, get_peer_id, identification_t*,
+       private_tls_peer_t *this)
+{
+       return this->peer;
+}
+
+METHOD(tls_handshake_t, get_server_id, identification_t*,
+       private_tls_peer_t *this)
+{
+       return this->server;
+}
+
 METHOD(tls_handshake_t, destroy, void,
        private_tls_peer_t *this)
 {
        DESTROY_IF(this->private);
        DESTROY_IF(this->dh);
+       DESTROY_IF(this->peer);
+       this->server->destroy(this->server);
        this->peer_auth->destroy(this->peer_auth);
        this->server_auth->destroy(this->server_auth);
        free(this->hashsig.ptr);
@@ -1161,6 +1178,8 @@ tls_peer_t *tls_peer_create(tls_t *tls, tls_crypto_t *crypto, tls_alert_t *alert
                                .cipherspec_changed = _cipherspec_changed,
                                .change_cipherspec = _change_cipherspec,
                                .finished = _finished,
+                               .get_peer_id = _get_peer_id,
+                               .get_server_id = _get_server_id,
                                .destroy = _destroy,
                        },
                },
@@ -1168,8 +1187,8 @@ tls_peer_t *tls_peer_create(tls_t *tls, tls_crypto_t *crypto, tls_alert_t *alert
                .tls = tls,
                .crypto = crypto,
                .alert = alert,
-               .peer = peer,
-               .server = server,
+               .peer = peer ? peer->clone(peer) : NULL,
+               .server = server->clone(server),
                .peer_auth = auth_cfg_create(),
                .server_auth = auth_cfg_create(),
        );