pluto: Drop support for legacy PSK format.
authorTobias Brunner <tobias@strongswan.org>
Wed, 8 Feb 2012 12:36:32 +0000 (13:36 +0100)
committerTobias Brunner <tobias@strongswan.org>
Wed, 8 Feb 2012 12:36:32 +0000 (13:36 +0100)
Any line in ipsec.secrets starting with " or ' was treated as PSK
without ID selectors by pluto.  This prevented it from supporting DNs
like "C=CH, O=Linux strongSwan, OU=Sales, CN=alice@strongswan.org" as
ID selectors.

PSKs defined in this legacy format can easily be updated by changing

"thisIsASecret"

into

: PSK "thisIsASecret"

src/pluto/keys.c

index a204d86..0097688 100644 (file)
@@ -835,14 +835,7 @@ static void process_secret(secret_t *s, int whackfd)
        err_t ugh = NULL;
 
        s->kind = SECRET_PSK;  /* default */
-       if (*tok == '"' || *tok == '\'')
-       {
-               log_psk("PSK", s);
-
-               /* old PSK format: just a string */
-               ugh = process_psk_secret(&s->u.preshared_secret);
-       }
-       else if (tokeqword("psk"))
+       if (tokeqword("psk"))
        {
                log_psk("PSK", s);
 
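Review bot: With the quote test removed, a secret written as `: "thisIsASecret"` (separator present, `PSK` keyword missing) matches no branch shown here and falls through to the remaining `else` branches of process_secret, which lie outside this hunk. If the final fallback builds its diagnostic from `tok`, the key text itself would be written to the log. That message is worth checking and, if needed, replacing with one that names the expected `: PSK "..."` form without echoing the token.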
@@ -989,13 +982,7 @@ static void process_secret_records(int whackfd)
 
                        for (;;)
                        {
-                               if (tok[0] == '"' || tok[0] == '\'')
-                               {
-                                       /* found key part */
-                                       process_secret(s, whackfd);
-                                       break;
-                               }
-                               else if (tokeq(":"))
+                               if (tokeq(":"))
                                {
                                        /* found key part */
                                        shift();    /* discard explicit separator */
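Review bot: A legacy record that starts with a quoted string is now handled by the branches after `tokeq(":")`, which are outside this hunk, so it is presumably parsed as an ID selector and the key text is treated as an identity rather than a secret. Existing ipsec.secrets files in the old format will stop yielding a PSK after upgrade, and that failure should be visible to the operator without the token being printed. Consider a comment above the test such as `/* quoted tokens are ID selectors; a bare "secret" line is no longer a PSK */`, and confirm that the diagnostic for a record with no `:` separator reports only file and line. The enclosing loop continues past the end of the hunk.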