sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-08 00:02:03 -04:00
Code Issues Projects Releases Wiki Activity

libtls: Move settings to <ns>.tls with fallback to libtls

Browse Source
This commit is contained in:
Tobias Brunner 2014-01-28 17:26:50 +01:00
parent eb9b375aa1
commit 409adef43c
3 changed files with 21 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
man/strongswan.conf.5.in
View File

@ -379,6 +379,18 @@ set this value too low. The number of idle worker threads listed in
.I ipsec statusall .I ipsec statusall
might be used as indicator on the number of reserved threads. might be used as indicator on the number of reserved threads.
.TP .TP
.BR charon.tls.cipher
List of TLS encryption ciphers
.TP
.BR charon.tls.key_exchange
List of TLS key exchange methods
.TP
.BR charon.tls.mac
List of TLS MAC algorithms
.TP
.BR charon.tls.suites
List of TLS cipher suites
.TP
.BR charon.user .BR charon.user
Name of the user the daemon changes to after startup Name of the user the daemon changes to after startup
.TP .TP
@ -946,19 +958,6 @@ Open/close a PAM session for each active IKE_SA
.BR charon.plugins.xauth-pam.trim_email " [yes]" .BR charon.plugins.xauth-pam.trim_email " [yes]"
If an email address is given as an XAuth username, trim it to just the If an email address is given as an XAuth username, trim it to just the
username part. username part.
.SS libtls section
.TP
.BR libtls.cipher
List of TLS encryption ciphers
.TP
.BR libtls.key_exchange
List of TLS key exchange methods
.TP
.BR libtls.mac
List of TLS MAC algorithms
.TP
.BR libtls.suites
List of TLS cipher suites
.SS libtnccs section .SS libtnccs section
.TP .TP
.BR libtnccs.tnc_config " [/etc/tnc_config]" .BR libtnccs.tnc_config " [/etc/tnc_config]"

1
src/libtls/tls.c
View File

@ -471,6 +471,7 @@ tls_t *tls_create(bool is_server, identification_t *server,
.application = application, .application = application,
.purpose = purpose, .purpose = purpose,
); );
lib->settings->add_fallback(lib->settings, "%s.tls", "libtls", lib->ns);
this->crypto = tls_crypto_create(&this->public, cache); this->crypto = tls_crypto_create(&this->public, cache);
this->alert = tls_alert_create(); this->alert = tls_alert_create();

12
src/libtls/tls_crypto.c
View File

@ -711,7 +711,8 @@ static void filter_key_exchange_config_suites(private_tls_crypto_t *this,
int i, remaining = 0; int i, remaining = 0;
char *token, *config; char *token, *config;
config = lib->settings->get_str(lib->settings, "libtls.key_exchange", NULL); config = lib->settings->get_str(lib->settings, "%s.tls.key_exchange", NULL,
lib->ns);
if (config) if (config)
{ {
for (i = 0; i < *count; i++) for (i = 0; i < *count; i++)
@ -765,7 +766,8 @@ static void filter_cipher_config_suites(private_tls_crypto_t *this,
int i, remaining = 0; int i, remaining = 0;
char *token, *config; char *token, *config;
config = lib->settings->get_str(lib->settings, "libtls.cipher", NULL); config = lib->settings->get_str(lib->settings, "%s.tls.cipher", NULL,
lib->ns);
if (config) if (config)
{ {
for (i = 0; i < *count; i++) for (i = 0; i < *count; i++)
@ -830,7 +832,8 @@ static void filter_mac_config_suites(private_tls_crypto_t *this,
int i, remaining = 0; int i, remaining = 0;
char *token, *config; char *token, *config;
config = lib->settings->get_str(lib->settings, "libtls.mac", NULL); config = lib->settings->get_str(lib->settings, "%s.tls.mac", NULL,
lib->ns);
if (config) if (config)
{ {
for (i = 0; i < *count; i++) for (i = 0; i < *count; i++)
@ -879,7 +882,8 @@ static void filter_specific_config_suites(private_tls_crypto_t *this,
int i, remaining = 0, suite; int i, remaining = 0, suite;
char *token, *config; char *token, *config;
config = lib->settings->get_str(lib->settings, "libtls.suites", NULL); config = lib->settings->get_str(lib->settings, "%s.tls.suites", NULL,
lib->ns);
if (config) if (config)
{ {
for (i = 0; i < *count; i++) for (i = 0; i < *count; i++)