ipseckey: Added "enable" option for the IPSECKEY plugin to strongswan.conf

author Reto Guadagnini <rguadagn@hsr.ch>

Fri, 8 Jun 2012 15:15:09 +0000 (17:15 +0200)

committer Tobias Brunner <tobias@strongswan.org>

Tue, 19 Feb 2013 11:25:00 +0000 (12:25 +0100)
author Reto Guadagnini <rguadagn@hsr.ch>
Fri, 8 Jun 2012 15:15:09 +0000 (17:15 +0200)
committer Tobias Brunner <tobias@strongswan.org>
Tue, 19 Feb 2013 11:25:00 +0000 (12:25 +0100)
diff --git a/man/strongswan.conf.5.in b/man/strongswan.conf.5.in

index feffcfb..b3902e2 100644 (file)
--- a/man/strongswan.conf.5.in
+++ b/man/strongswan.conf.5.in
@@ -569,6 +569,9 @@ Request peer authentication based on a client certificate
  .BR charon.plugins.ha.segment_count " [1]"
  
  .TP
+.BR charon.plugins.ipseckey.enable " [no]"
+Enable the fetching of IPSECKEY RRs from the DNS
+.TP
  .BR charon.plugins.led.activity_led
  
  .TP
diff --git a/src/libcharon/plugins/ipseckey/ipseckey_plugin.c b/src/libcharon/plugins/ipseckey/ipseckey_plugin.c

index 563c366..6f0f105 100644 (file)
--- a/src/libcharon/plugins/ipseckey/ipseckey_plugin.c
+++ b/src/libcharon/plugins/ipseckey/ipseckey_plugin.c
@@ -40,6 +40,11 @@ struct private_ipseckey_plugin_t {
          * credential set
          */
         ipseckey_cred_t *cred;
+
+       /**
+        * IPSECKEY based authentication enabled
+        */
+       bool enabled;
  };
  
  METHOD(plugin_t, get_name, char*,
@@ -51,7 +56,10 @@ METHOD(plugin_t, get_name, char*,
  METHOD(plugin_t, destroy, void,
         private_ipseckey_plugin_t *this)
  {
-       lib->credmgr->remove_set(lib->credmgr, &this->cred->set);
+       if (this->enabled)
+       {
+               lib->credmgr->remove_set(lib->credmgr, &this->cred->set);
+       }
         this->res->destroy(this->res);
         DESTROY_IF(this->cred);
         free(this);
@@ -73,6 +81,8 @@ plugin_t *ipseckey_plugin_create()
                         },
                 },
                 .res = lib->resolver->create(lib->resolver),
+               .enabled = lib->settings->get_bool(lib->settings,
+                                                               "charon.plugins.ipseckey.enable", FALSE),
         );
  
         if (!this->res)
@@ -83,8 +93,11 @@ plugin_t *ipseckey_plugin_create()
                 return NULL;
         }
  
-       this->cred = ipseckey_cred_create(this->res);
-       lib->credmgr->add_set(lib->credmgr, &this->cred->set);
+       if (this->enabled)
+       {
+               this->cred = ipseckey_cred_create(this->res);
+               lib->credmgr->add_set(lib->credmgr, &this->cred->set);
+       }
  
         return &this->public.plugin;
  }
author	Reto Guadagnini <rguadagn@hsr.ch>
	Fri, 8 Jun 2012 15:15:09 +0000 (17:15 +0200)
committer	Tobias Brunner <tobias@strongswan.org>
	Tue, 19 Feb 2013 11:25:00 +0000 (12:25 +0100)
man/strongswan.conf.5.in		patch \| blob \| history
src/libcharon/plugins/ipseckey/ipseckey_plugin.c		patch \| blob \| history