authorAndreas Oberritter <obi@saftware.de>2010-07-29 11:45:06 +0000
committerAndreas Oberritter <obi@saftware.de>2010-08-10 11:10:34 +0000
commit4c7533e7bbe7f25e4ec3afd8325570b04687e846 (patch)
tree5bf1f387b44da3f06c829fd2c925bd0039b4441c
parent4fe3597dce855ea199afa239498c9c1833a6fe48 (diff)
downloadipsec-tools-4c7533e7bbe7f25e4ec3afd8325570b04687e846.tar.gz
Use IDTYPE_ASN1DN when using certificates.
When using certificates, the server (racoon) checks whether the subjectAltName matches the given identifier. Using the address as identifier is therefore impossible for roadwarriors. Using the certificate's DN looks like a reasonable alternative. Change-Id: I9ed81478dc115276c807329228b2f9dfd4957b74
-rw-r--r--setup.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/setup.c b/setup.c
index 94cc9b8..b56c503 100644
--- a/setup.c
+++ b/setup.c
@@ -261,6 +261,7 @@ void setup(int argc, char **argv)
pre_shared_key = argv[3];
auth = OAKLEY_ATTR_AUTH_METHOD_PSKEY;
} else {
+ remoteconf.idvtype = IDTYPE_ASN1DN;
remoteconf.myprivfile = argv[3];
remoteconf.mycertfile = argv[4];
remoteconf.cacertfile = argv[5];
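Review bot: The added `remoteconf.idvtype = IDTYPE_ASN1DN;` in the certificate branch has no comment, so the reason for it lives only in the commit message. I would put above it `/* racoon checks the ID against the certificate, so an address ID fails for roadwarriors; identify by the certificate's subject DN instead */`. No identifier value is assigned in the visible lines, so this appears to rely on the DN being derived from `mycertfile` during negotiation; that is worth confirming, as is whether the peer's identity is checked against its own certificate, which is not visible here. setup()'s body starts and ends outside the hunk, so the identifier type used by the pre-shared-key branch and any argc check guarding `argv[3]` to `argv[5]` cannot be confirmed from here.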