ipseckey: Added "enable" option for the IPSECKEY plugin to strongswan.conf
authorReto Guadagnini <rguadagn@hsr.ch>
Fri, 8 Jun 2012 15:15:09 +0000 (17:15 +0200)
committerTobias Brunner <tobias@strongswan.org>
Tue, 19 Feb 2013 11:25:00 +0000 (12:25 +0100)
man/strongswan.conf.5.in
src/libcharon/plugins/ipseckey/ipseckey_plugin.c

index feffcfb..b3902e2 100644 (file)
@@ -569,6 +569,9 @@ Request peer authentication based on a client certificate
 .BR charon.plugins.ha.segment_count " [1]"
 
 .TP
+.BR charon.plugins.ipseckey.enable " [no]"
+Enable the fetching of IPSECKEY RRs from the DNS
+.TP
 .BR charon.plugins.led.activity_led
 
 .TP
index 563c366..6f0f105 100644 (file)
@@ -40,6 +40,11 @@ struct private_ipseckey_plugin_t {
         * credential set
         */
        ipseckey_cred_t *cred;
+
+       /**
+        * IPSECKEY based authentication enabled
+        */
+       bool enabled;
 };
 
 METHOD(plugin_t, get_name, char*,
@@ -51,7 +56,10 @@ METHOD(plugin_t, get_name, char*,
 METHOD(plugin_t, destroy, void,
        private_ipseckey_plugin_t *this)
 {
-       lib->credmgr->remove_set(lib->credmgr, &this->cred->set);
+       if (this->enabled)
+       {
+               lib->credmgr->remove_set(lib->credmgr, &this->cred->set);
+       }
        this->res->destroy(this->res);
        DESTROY_IF(this->cred);
        free(this);
@@ -73,6 +81,8 @@ plugin_t *ipseckey_plugin_create()
                        },
                },
                .res = lib->resolver->create(lib->resolver),
+               .enabled = lib->settings->get_bool(lib->settings,
+                                                               "charon.plugins.ipseckey.enable", FALSE),
        );
 
        if (!this->res)
@@ -83,8 +93,11 @@ plugin_t *ipseckey_plugin_create()
                return NULL;
        }
 
-       this->cred = ipseckey_cred_create(this->res);
-       lib->credmgr->add_set(lib->credmgr, &this->cred->set);
+       if (this->enabled)
+       {
+               this->cred = ipseckey_cred_create(this->res);
+               lib->credmgr->add_set(lib->credmgr, &this->cred->set);
+       }
 
        return &this->public.plugin;
 }