auth-cfg: Don't limit subjectAltName check to received certificates
authorTobias Brunner <tobias@strongswan.org>
Wed, 5 Jul 2017 15:17:13 +0000 (17:17 +0200)
committerTobias Brunner <tobias@strongswan.org>
Thu, 27 Jul 2017 11:27:19 +0000 (13:27 +0200)
Otherwise this won't work if the certificate is only locally available.

src/libstrongswan/credentials/auth_cfg.c

index a9c8b39..07da596 100644 (file)
@@ -840,7 +840,7 @@ METHOD(auth_cfg_t, complies, bool,
                                        {       /* also verify identity against subjectAltNames */
                                                certificate_t *cert;
 
-                                               cert = get(this, AUTH_HELPER_SUBJECT_CERT);
+                                               cert = get(this, AUTH_RULE_SUBJECT_CERT);
                                                if (cert && cert->has_subject(cert, id1))
                                                {
                                                        break;