Fixed AR identities in mutual TNC measurements case
authorAndreas Steffen <andreas.steffen@strongswan.org>
Sat, 15 Aug 2015 20:46:21 +0000 (22:46 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Sat, 15 Aug 2015 20:46:21 +0000 (22:46 +0200)
src/libcharon/plugins/eap_tnc/eap_tnc.c
src/libpttls/pt_tls_client.c
src/libtnccs/plugins/tnc_tnccs/tnc_tnccs_manager.c

index f70f47e..350001b 100644 (file)
@@ -335,6 +335,10 @@ static eap_tnc_t *eap_tnc_create(identification_t *server,
                free(this);
                return NULL;
        }
+       if (!is_server)
+       {
+               tnccs->set_auth_type(tnccs, TNC_AUTH_X509_CERT);
+       }
        this->tnccs = tnccs->get_ref(tnccs);
        this->tls_eap = tls_eap_create(type, &tnccs->tls,
                                                                   EAP_TNC_MAX_MESSAGE_LEN,
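Review bot: The client branch sets the auth type to the fixed value `TNC_AUTH_X509_CERT` instead of deriving it from how the server was actually authenticated, and no comment says why that is always true. The same unconditional call is added in `run_assessment` in pt_tls_client.c. If the surrounding TLS exchange always authenticates the server by certificate, state that at both sites, e.g. `/* the TNC server is always authenticated by its X.509 certificate */`, because this value is presumably what the IMVs see as the AR identity's authentication method. If that invariant does not hold for every configuration, the type should be taken from the authentication result rather than hard-coded. `eap_tnc_create` begins and ends outside the hunk.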
index 315129d..bd5b96f 100644 (file)
@@ -450,6 +450,7 @@ METHOD(pt_tls_client_t, run_assessment, status_t,
        {
                return FAILED;
        }
+       tnccs->set_auth_type(tnccs, TNC_AUTH_X509_CERT);
 
        DBG1(DBG_TNC, "entering PT-TLS data transport phase");
        if (!assess(this, (tls_t*)tnccs))
index 30e5052..67c33ee 100644 (file)
@@ -729,7 +729,9 @@ METHOD(tnccs_manager_t, get_attribute, TNC_Result,
                        list = linked_list_create();
                        tnccs = entry->tnccs;
 
-                       peer_id = tnccs->tls.get_peer_id(&tnccs->tls);
+                       peer_id = tnccs->tls.is_server(&tnccs->tls) ?
+                                       tnccs->tls.get_peer_id(&tnccs->tls) :
+                                       tnccs->tls.get_server_id(&tnccs->tls);
                        if (peer_id)
                        {
                                switch (peer_id->get_type(peer_id))
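Review bot: In the client role `peer_id` now holds the result of `get_server_id()`, and this hunk does not show whether that is the identity verified from the server's certificate or only the name the client was configured to expect. If it is the latter, `get_attribute` would report an unverified name as an AR identity, so this is worth confirming and documenting. The same role switch is repeated for `peer_ip` in the next hunk, where the local names also no longer match what they hold. Consider a comment at both sites such as `/* as a client doing mutual measurements, the remote AR is the TLS server */`, or a single helper that returns the remote identity and address for the current role. `get_attribute` starts and ends outside the hunk.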
@@ -771,7 +773,9 @@ METHOD(tnccs_manager_t, get_attribute, TNC_Result,
                                }
                        }
 
-                       peer_ip = tnccs->get_peer_ip(tnccs);
+                       peer_ip = tnccs->tls.is_server(&tnccs->tls) ?
+                                       tnccs->get_peer_ip(tnccs) :
+                                       tnccs->get_server_ip(tnccs);
                        if (peer_ip)
                        {
                                switch (peer_ip->get_family(peer_ip))