vici: list cert_policy parameter
authorAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 22 Jun 2018 08:39:36 +0000 (10:39 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 22 Jun 2018 08:39:40 +0000 (10:39 +0200)
src/libcharon/plugins/vici/vici_config.c
src/libcharon/plugins/vici/vici_query.c
src/swanctl/commands/list_conns.c

index 109944c..78a77d2 100644 (file)
@@ -3,7 +3,7 @@
  * Copyright (C) 2014 revosec AG
  *
  * Copyright (C) 2015-2017 Tobias Brunner
- * Copyright (C) 2015-2016 Andreas Steffen
+ * Copyright (C) 2015-2018 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
index 82c3d78..4385cf6 100644 (file)
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2015-2017 Tobias Brunner
- * Copyright (C) 2015 Andreas Steffen
+ * Copyright (C) 2015-2018 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2014 Martin Willi
@@ -737,6 +737,18 @@ static void build_auth_cfgs(peer_cfg_t *peer_cfg, bool local, vici_builder_t *b)
                rules->destroy(rules);
                b->end_list(b);
 
+               b->begin_list(b, "cert_policy");
+               rules = auth->create_enumerator(auth);
+               while (rules->enumerate(rules, &rule, &v))
+               {
+                       if (rule == AUTH_RULE_CERT_POLICY)
+                       {
+                               b->add_li(b, "%s", v.str);
+                       }
+               }
+               rules->destroy(rules);
+               b->end_list(b);
+
                b->begin_list(b, "certs");
                rules = auth->create_enumerator(auth);
                while (rules->enumerate(rules, &rule, &v))
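Review bot: The added `cert_policy` loop reads `v.str` with nothing on the line saying why the string member of the value is the right one for this rule. A one-line comment above the `if`, such as `/* AUTH_RULE_CERT_POLICY values are certificate policy OID strings */`, would make that access easy to audit. The loop is also another full pass over `auth` that only filters on one rule, the same shape as the `certs` pass that follows it, so a small static helper taking the list name and rule could cover the string-valued cases. Note that `begin_list`/`end_list` run unconditionally, so clients receive an empty `cert_policy` list when no policy constraint is configured. build_auth_cfgs begins and ends outside this hunk.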
index f692e99..ce903e5 100644 (file)
@@ -2,7 +2,7 @@
  * Copyright (C) 2014 Martin Willi
  * Copyright (C) 2014 revosec AG
  *
- * Copyright (C) 2016 Andreas Steffen
+ * Copyright (C) 2016-2018 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -199,6 +199,10 @@ CALLBACK(conn_sn, int,
                        {
                                printf("    groups: %s\n", auth->get(auth, "groups"));
                        }
+                       if (auth->get(auth, "cert_policy"))
+                       {
+                               printf("    cert policy: %s\n", auth->get(auth, "cert_policy"));
+                       }
                        if (auth->get(auth, "certs"))
                        {
                                printf("    certs: %s\n", auth->get(auth, "certs"));
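Review bot: The new `cert policy` line prints a single string taken from `auth`, while the daemon side of this commit sends `cert_policy` as a list, so the output depends on the parse callback (outside this hunk) joining every list item under that key. That is worth confirming with a connection that has more than one policy OID, because operators read this output to check which certificate constraints are enforced. As a smaller style point, `auth->get(auth, "cert_policy")` is looked up twice; that matches the neighbouring `groups` and `certs` blocks, but a local `char *` would avoid the repeat. The conn_sn callback body continues outside the hunk.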