Project

General

Profile

Feature #1403

Android: Ability to specify an identity when using EAP-TLS certs

Added by Sylvain Munaut about 2 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
Normal
Category:
android
Target version:
Start date:
13.04.2016
Due date:
Estimated time:
Resolution:
Fixed

Description

In the Android client, currently, the identity used for "leftid" is the full DN of the certificate used.

However it would be useful to have a choice here to either :
- Use full DN (current behavior)
- Take the SubjAltName EMAIL if it exists.
- Specify one

Associated revisions

Revision 5b85df67
Added by Tobias Brunner about 2 years ago

Merge branch 'android-gui-updates'

Removes the progress dialogs while connecting/disconnecting, updates
the VPN profile editor (floating labels, helper texts) and allows
configuration of the remote identity (disables loose identity matching),
and selection of the local identity if certificates are used.

Also fixes an issue when redirected during IKE_AUTH and increases the
NAT-T keepalive interval.

Fixes #1403.

History

#1 Updated by Tobias Brunner about 2 years ago

  • Category set to android
  • Status changed from New to Closed
  • Assignee set to Tobias Brunner
  • Target version set to 5.5.0
  • Resolution set to Fixed

In the Android client, currently, the identity used for "leftid" is the full DN of the certificate used.

However it would be useful to have a choice here to either :
- Use full DN (current behavior)
- Take the SubjAltName EMAIL if it exists.

This will be possible with the next version of the app.

- Specify one

I'm not sure how much sense it makes to set an identity that is not confirmed by the certificate, so the GUI currently provides no option to freely configure a local identity.

Also available in: Atom PDF