vici: Add support for pubkey constraints with EAP-TLS
authorTobias Brunner <tobias@strongswan.org>
Wed, 3 Feb 2016 14:16:48 +0000 (15:16 +0100)
committerTobias Brunner <tobias@strongswan.org>
Fri, 4 Mar 2016 15:19:54 +0000 (16:19 +0100)
This is a feature currently supported by stroke.

src/libcharon/plugins/vici/vici_config.c

index 7711fa0..181b14b 100644 (file)
@@ -982,8 +982,16 @@ CALLBACK(parse_auth, bool,
        }
        if (strcasepfx(buf, "eap"))
        {
+               char *pos;
+
                cfg->add(cfg, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_EAP);
 
+               pos = strchr(buf, ':');
+               if (pos)
+               {
+                       *pos = 0;
+                       cfg->add_pubkey_constraints(cfg, pos + 1, FALSE);
+               }
                type = eap_vendor_type_from_string(buf);
                if (type)
                {