projects / strongswan.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5595d2b)
Added a cert_policy option to conftest configurations
authorMartin Willi <martin@revosec.ch>
Thu, 16 Dec 2010 15:18:11 +0000 (16:18 +0100)
committerMartin Willi <martin@revosec.ch>
Wed, 5 Jan 2011 15:46:03 +0000 (16:46 +0100)
src/conftest/config.c patch | blob | history

diff --git a/src/conftest/config.c b/src/conftest/config.c
index 676a80c..9521412 100644 (file)
--- a/src/conftest/config.c
+++ b/src/conftest/config.c
@@ -247,7 +247,7 @@ static peer_cfg_t *load_peer_config(private_config_t *this,
        child_cfg_t *child_cfg;
        enumerator_t *enumerator;
        identification_t *lid, *rid;
-       char *child;
+       char *child, *policy;
        uintptr_t strength;
 
        ike_cfg = load_ike_config(this, settings, config);
@@ -276,6 +276,11 @@ static peer_cfg_t *load_peer_config(private_config_t *this,
        {
                auth->add(auth, AUTH_RULE_ECDSA_STRENGTH, strength);
        }
+       policy = settings->get_str(settings, "configs.%s.cert_policy", NULL, config);
+       if (policy)
+       {
+               auth->add(auth, AUTH_RULE_CERT_POLICY, strdup(policy));
+       }
        auth->add(auth, AUTH_RULE_IDENTITY, rid);
        peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
 
strongSwan - IPsec VPN