Feature #1403
Android: Ability to specify an identity when using EAP-TLS certs
Start date:
13.04.2016
Due date:
Estimated time:
Resolution:
Fixed
Description
In the Android client, currently, the identity used for "leftid" is the full DN of the certificate used.
However it would be useful to have a choice here to either :
- Use full DN (current behavior)
- Take the SubjAltName EMAIL if it exists.
- Specify one
Associated revisions
History
#1 Updated by Tobias Brunner about 5 years ago
- Category set to android
- Status changed from New to Closed
- Assignee set to Tobias Brunner
- Target version set to 5.5.0
- Resolution set to Fixed
In the Android client, currently, the identity used for "leftid" is the full DN of the certificate used.
However it would be useful to have a choice here to either :
- Use full DN (current behavior)
- Take the SubjAltName EMAIL if it exists.
This will be possible with the next version of the app.
- Specify one
I'm not sure how much sense it makes to set an identity that is not confirmed by the certificate, so the GUI currently provides no option to freely configure a local identity.
Merge branch 'android-gui-updates'
Removes the progress dialogs while connecting/disconnecting, updates
the VPN profile editor (floating labels, helper texts) and allows
configuration of the remote identity (disables loose identity matching),
and selection of the local identity if certificates are used.
Also fixes an issue when redirected during IKE_AUTH and increases the
NAT-T keepalive interval.
Fixes #1403.