List: openbsd-tech
Subject: Re: Reenable ASN1_DN IDs with certificates in iked
From: Tim Stewart <tim () stoo ! org>
Date: 2017-05-17 5:41:55
Message-ID: 87k25gjazg.fsf () stoo ! org
Here is a version of the previous patch that preserves tabs properly.
Apologies.
-TimS
Index: parse.y
===================================================================
RCS file: /cvs/src/sbin/iked/parse.y,v
retrieving revision 1.65
diff -u -p -r1.65 parse.y
--- parse.y 24 Apr 2017 07:07:25 -0000 1.65
+++ parse.y 17 May 2017 05:40:39 -0000
@@ -1735,6 +1735,8 @@ set_policy_auth_method(const char *peeri
method = IKEV2_AUTH_NONE;
cert_type = IKEV2_CERT_NONE;
+ ikeauth = &pol->pol_auth;
+
if (key != NULL) {
/* infer policy from key type */
if ((rsa = EVP_PKEY_get1_RSA(key)) != NULL) {
@@ -1767,14 +1769,16 @@ set_policy_auth_method(const char *peeri
if (method == IKEV2_AUTH_NONE || cert_type == IKEV2_CERT_NONE)
return (-1);
+ } else if (ikeauth->auth_method == IKEV2_AUTH_RSA_SIG) {
+ /* default to IKEV2_CERT_X509_CERT otherwise */
+ method = IKEV2_AUTH_RSA_SIG;
+ cert_type = IKEV2_CERT_X509_CERT;
} else {
/* default to IKEV2_CERT_X509_CERT otherwise */
method = IKEV2_AUTH_SIG;
cert_type = IKEV2_CERT_X509_CERT;
}
- ikeauth = &pol->pol_auth;
-
if (ikeauth->auth_method == IKEV2_AUTH_SHARED_KEY_MIC) {
if (key != NULL &&
method != IKEV2_AUTH_RSA_SIG)
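Review bot: The comment on the new `else if` branch is copied from the final `else` and does not describe it. As far as the visible lines show, this branch runs when no key was passed and the policy's configured method is already `IKEV2_AUTH_RSA_SIG`, so it keeps an explicit setting and is not a default. I would replace the comment with `/* no key: policy explicitly asks for RSA signatures, keep RSA_SIG with X.509 certificates */`. The body of set_policy_auth_method starts and ends outside this hunk.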
@@ -1784,6 +1788,7 @@ set_policy_auth_method(const char *peeri
if (ikeauth->auth_method != IKEV2_AUTH_NONE &&
ikeauth->auth_method != IKEV2_AUTH_SIG_ANY &&
+ ikeauth->auth_method != IKEV2_AUTH_RSA_SIG &&
ikeauth->auth_method != method)
goto mismatch;
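Review bot: The added `ikeauth->auth_method != IKEV2_AUTH_RSA_SIG &&` term exempts a policy whose configured method is RSA_SIG from the mismatch check entirely, including when a key was supplied and a different method was inferred from it. For the no-key case the new `else if` branch earlier in the function already sets `method = IKEV2_AUTH_RSA_SIG`, so `ikeauth->auth_method != method` is false there without this term. Unless accepting a non-RSA key under an RSA_SIG policy is intended, I would drop the added line so that a configured method which disagrees with the key still reaches `goto mismatch;`. The code after the check is outside the hunk, so what happens on fall-through is inferred rather than visible.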