Try to load raw keys from ipsec.conf as PKCS#1 blob first

The DNSKEY builder is quite eager and parses pretty much anything
as an RSA key, so the PKCS#1 attempt has to be done first.
Tobias Brunner 2013-04-01 13:51:37 +02:00
parent ee7b73832c
commit c0bbddfa42


@ -291,17 +291,24 @@ METHOD(stroke_cred_t, load_pubkey, certificate_t*,
} }
else if (strncaseeq(filename, "0x", 2) || strncaseeq(filename, "0s", 2)) else if (strncaseeq(filename, "0x", 2) || strncaseeq(filename, "0s", 2))
{ {
chunk_t printable_key, rfc3110_key; chunk_t printable_key, raw_key;
public_key_t *key; public_key_t *key;
printable_key = chunk_create(filename + 2, strlen(filename) - 2); printable_key = chunk_create(filename + 2, strlen(filename) - 2);
rfc3110_key = strncaseeq(filename, "0x", 2) ? raw_key = strncaseeq(filename, "0x", 2) ?
chunk_from_hex(printable_key, NULL) : chunk_from_hex(printable_key, NULL) :
chunk_from_base64(printable_key, NULL); chunk_from_base64(printable_key, NULL);
key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
BUILD_BLOB_DNSKEY, rfc3110_key, BUILD_BLOB_ASN1_DER, raw_key,
BUILD_END); BUILD_END);
free(rfc3110_key.ptr); if (!key)
{ /* try RFC 3110 format (as it accepts nearly any blob, the above has
* to be tried first) */
key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
BUILD_BLOB_DNSKEY, raw_key,
BUILD_END);
}
chunk_free(&raw_key);
if (key) if (key)
{ {
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, cert = lib->creds->create(lib->creds, CRED_CERTIFICATE,
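Review bot: When both builders return NULL the new code falls through silently: the `if (!key)` branch after the `BUILD_BLOB_DNSKEY` attempt has no log line, so a mistyped `0x`/`0s` value in ipsec.conf is indistinguishable from a well-formed key of an unsupported type. Consider an explicit branch before the `chunk_free`, e.g. `if (!key) { DBG1(DBG_CFG, "parsing public key from '%s' failed", filename); }`, unless the caller already reports this — load_pubkey continues outside the hunk, so that is not visible here. The fallback comment could also name the consequence of the ordering for future maintainers: `/* DER first: the DNSKEY builder accepts almost any blob and would mis-parse a PKCS#1/SubjectPublicKeyInfo key as RFC 3110 */`. Note that the first attempt now uses `KEY_ANY`, so DER-encoded non-RSA keys are accepted where the old code accepted only RSA; that widening is presumably intended but is worth a sentence in the commit description.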