accept PGP v3 or v4 fingerprint as alternative to PGP user_id
authorAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 9 Nov 2009 22:15:17 +0000 (23:15 +0100)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 9 Nov 2009 22:15:17 +0000 (23:15 +0100)
src/libstrongswan/plugins/pgp/pgp_cert.c
testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/ipsec.conf
testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/ipsec.conf

index 6c2bc4a..373aba2 100644 (file)
@@ -104,7 +104,16 @@ static identification_t* get_issuer(private_pgp_cert_t *this)
 static id_match_t has_subject(private_pgp_cert_t *this,
                                                          identification_t *subject)
 {
-       return this->user_id->matches(this->user_id, subject);
+       id_match_t match_user_id;
+
+       match_user_id = this->user_id->matches(this->user_id, subject);
+       if (match_user_id == ID_MATCH_NONE &&
+               subject->get_type(subject) == ID_KEY_ID &&
+        chunk_equals(this->fingerprint, subject->get_encoding(subject)))
+       {
+               return ID_MATCH_PERFECT;
+       }
+       return match_user_id;
 }
 
 /**
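Review bot: The new fingerprint branch in has_subject has no comment, yet it returns ID_MATCH_PERFECT for any ID_KEY_ID subject whose bytes equal this->fingerprint, so the match is only as strong as the fingerprint. For a V3 key that is a 16-byte value (the net2net-pgp-v3 configs in this commit use a 32-hex-digit ID), which in OpenPGP is traditionally an MD5 digest; how this->fingerprint is computed is outside the hunk, so confirm. I would add above the `if` a comment such as `/* a KEY_ID subject may carry the PGP V3/V4 fingerprint in place of the user_id */` and say in the function's doc comment that a fingerprint match is reported as perfect. The `chunk_equals(...)` continuation line is also indented differently from the condition line above it.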
@@ -369,7 +378,7 @@ static bool parse_signature(private_pgp_cert_t *this, chunk_t packet)
        /* we parse only V3 signature packets */
        if (version != 3)
        {
-               DBG1("  skipped V%d PGP signature", version);
+               DBG2("  skipped V%d PGP signature", version);
                return TRUE;
        }
        if (!pgp_read_scalar(&packet, 1, &len) || len != 5)
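Review bot: With the skip message moved to DBG2, a non-V3 signature packet is dropped with `return TRUE` and nothing is logged at debug level 1, so the return value alone does not tell a caller whether a signature was parsed or skipped. Since this commit also accepts V4 fingerprints as identities, the existing comment should spell out the consequence, e.g. `/* V4 signatures are skipped here, not verified */`, unless verification happens elsewhere. parse_signature starts before and continues after this hunk, so how the result is used is not visible here.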
index 97fa1c3..405cd06 100755 (executable)
@@ -14,6 +14,7 @@ conn net-net
        left=PH_IP_MOON
        leftsubnet=10.1.0.0/16
        leftcert=moonCert.asc
+       leftid=@#71270432cd763a18020ac988c0e75aed
        leftfirewall=yes
        right=PH_IP_SUN
        rightsubnet=10.2.0.0/16
index d18270e..4460106 100755 (executable)
@@ -18,4 +18,5 @@ conn net-net
        right=PH_IP_MOON
        rightsubnet=10.1.0.0/16
        rightcert=moonCert.asc
+       rightid=@#71270432cd763a18020ac988c0e75aed
        auto=add
index 97fa1c3..d059cb1 100755 (executable)
@@ -18,4 +18,5 @@ conn net-net
        right=PH_IP_SUN
        rightsubnet=10.2.0.0/16
        rightcert=sunCert.asc
+       rightid=@#b42f31fec80ae3264a101c85977a04ac8d1638d3
        auto=add
index d18270e..198f2a8 100755 (executable)
@@ -14,6 +14,7 @@ conn net-net
        left=PH_IP_SUN
        leftsubnet=10.2.0.0/16
        leftcert=sunCert.asc
+        leftid=@#b42f31fec80ae3264a101c85977a04ac8d1638d3
        leftfirewall=yes
        right=PH_IP_MOON
        rightsubnet=10.1.0.0/16