accept PGP v3 or v4 fingerprint as alternative to PGP user_id

src/libstrongswan/plugins/pgp/pgp_cert.c

@@ -104,7 +104,16 @@ static identification_t* get_issuer(private_pgp_cert_t *this)
 static id_match_t has_subject(private_pgp_cert_t *this,
 							  identification_t *subject)
 {
-	return this->user_id->matches(this->user_id, subject);
+	id_match_t match_user_id;
+
+	match_user_id = this->user_id->matches(this->user_id, subject);
+	if (match_user_id == ID_MATCH_NONE &&
+		subject->get_type(subject) == ID_KEY_ID &&
+        chunk_equals(this->fingerprint, subject->get_encoding(subject)))
+	{
+		return ID_MATCH_PERFECT;
+	}
+	return match_user_id;
 }
 
 /**
@@ -369,7 +378,7 @@ static bool parse_signature(private_pgp_cert_t *this, chunk_t packet)
 	/* we parse only V3 signature packets */
 	if (version != 3)
 	{
-		DBG1("  skipped V%d PGP signature", version);
+		DBG2("  skipped V%d PGP signature", version);
 		return TRUE;
 	}
 	if (!pgp_read_scalar(&packet, 1, &len) || len != 5)

testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/ipsec.conf

@@ -14,6 +14,7 @@ conn net-net
 	left=PH_IP_MOON
 	leftsubnet=10.1.0.0/16
 	leftcert=moonCert.asc
+	leftid=@#71270432cd763a18020ac988c0e75aed
 	leftfirewall=yes
 	right=PH_IP_SUN
 	rightsubnet=10.2.0.0/16

testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/ipsec.conf

@@ -18,4 +18,5 @@ conn net-net
 	right=PH_IP_MOON
 	rightsubnet=10.1.0.0/16
 	rightcert=moonCert.asc
+	rightid=@#71270432cd763a18020ac988c0e75aed
 	auto=add

testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/ipsec.conf

@@ -18,4 +18,5 @@ conn net-net
 	right=PH_IP_SUN
 	rightsubnet=10.2.0.0/16
 	rightcert=sunCert.asc
+	rightid=@#b42f31fec80ae3264a101c85977a04ac8d1638d3
 	auto=add

testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/ipsec.conf

@@ -14,6 +14,7 @@ conn net-net
 	left=PH_IP_SUN
 	leftsubnet=10.2.0.0/16
 	leftcert=sunCert.asc
+        leftid=@#b42f31fec80ae3264a101c85977a04ac8d1638d3
 	leftfirewall=yes
 	right=PH_IP_MOON
 	rightsubnet=10.1.0.0/16