charon.plugins.stroke.prevent_loglevel_changes = no
If enabled log level changes via stroke socket are not allowed.
+charon.plugins.stroke.secrets_file = ${sysconfdir}/ipsec.secrets
+ Location of the ipsec.secrets file
+
charon.plugins.stroke.socket = unix://${piddir}/charon.ctl
Socket provided by the stroke plugin.
*/
stroke_cred_t public;
+ /**
+ * secrets file with credential information
+ */
+ char *secrets_file;
+
/**
* credentials
*/
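Review bot: The new `secrets_file` member (the `+ char *secrets_file;` line) is filled from `lib->settings->get_str()` in the constructor hunk of this same patch, so it is a borrowed pointer rather than an owned string, and the comment should say so before someone adds a `free()` to the destroy path: `/** path of the secrets file (borrowed from lib->settings, not owned; do not free) */`. Whether the pointer stays valid across a strongswan.conf reload depends on settings_t keeping old string storage alive, which is not visible here and is worth confirming. The enclosing struct starts before this hunk.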
if (msg->reread.flags & REREAD_SECRETS)
{
DBG1(DBG_CFG, "rereading secrets");
- load_secrets(this, NULL, SECRETS_FILE, 0, prompt);
+ load_secrets(this, NULL, this->secrets_file, 0, prompt);
}
if (msg->reread.flags & REREAD_CACERTS)
{
.cachecrl = _cachecrl,
.destroy = _destroy,
},
+ .secrets_file = lib->settings->get_str(lib->settings,
+ "%s.plugins.stroke.secrets_file", SECRETS_FILE,
+ lib->ns),
.creds = mem_cred_create(),
);
FALSE, lib->ns);
load_certs(this);
- load_secrets(this, NULL, SECRETS_FILE, 0, NULL);
+ load_secrets(this, NULL, this->secrets_file, 0, NULL);
return &this->public;
}
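Review bot: The plugin resolves the new option as `"%s.plugins.stroke.secrets_file"` under `lib->ns`, while the starter hunk below reads the hard-coded key `"charon.plugins.stroke.secrets_file"`; if the daemon ever runs with a namespace other than `charon` the two readers can disagree on which file gets created and which one gets loaded. This is probably acceptable because starter only drives charon, but a one-line comment at the `.secrets_file =` initializer, such as `/* must match the key read by starter's generate_selfcert() */`, would keep the two from drifting. `stroke_cred_create()` starts before this hunk, and some lines between `);` and `FALSE, lib->ns);` appear to be missing from this view.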
#ifdef GENERATE_SELFCERT
static void generate_selfcert()
{
+ const char *secrets_file;
struct stat stb;
+ secrets_file = lib->settings->get_str(lib->settings,
+ "charon.plugins.stroke.secrets_file", SECRETS_FILE);
+
/* if ipsec.secrets file is missing then generate RSA default key pair */
- if (stat(SECRETS_FILE, &stb) != 0)
+ if (stat(secrets_file, &stb) != 0)
{
mode_t oldmask;
FILE *f;
/* ipsec.secrets is root readable only */
oldmask = umask(0066);
- f = fopen(SECRETS_FILE, "w");
+ f = fopen(secrets_file, "w");
if (f)
{
fprintf(f, "# /etc/ipsec.secrets - strongSwan IPsec secrets file\n");
fprintf(f, ": RSA myKey.der\n");
fclose(f);
}
- ignore_result(chown(SECRETS_FILE, uid, gid));
+ ignore_result(chown(secrets_file, uid, gid));
umask(oldmask);
}
}
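Review bot: The rewritten creation sequence still checks the path with `stat()`, opens it with `fopen(..., "w")` and then runs `chown()` on the path after the stream is closed, so a path that is swapped between those calls (for example for a symlink, which both `stat()` and `chown()` follow) can be truncated or handed to `uid`/`gid` instead of the file that was just written; opening with `O_CREAT | O_EXCL` and calling `fchown()` on the still-open descriptor closes that window and makes the `umask()` juggling unnecessary. The header written into the file still hard-codes `/etc/ipsec.secrets` although the location is now configurable, so it should print `secrets_file`. An `fopen()` failure is also swallowed silently, which with a configurable (possibly mistyped) path deserves at least a log line. The rewrite below needs `<fcntl.h>` and `<unistd.h>` if starter.c does not already include them, and the `mode_t oldmask` / `umask()` lines are dropped.
```c
	/* if ipsec.secrets file is missing then generate RSA default key pair */
	if (stat(secrets_file, &stb) != 0)
	{
		int fd;
		FILE *f;

		/* create atomically as root-readable only (0600); O_EXCL refuses to
		 * follow a link or truncate a file that appeared after the stat() */
		fd = open(secrets_file, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
		f = (fd >= 0) ? fdopen(fd, "w") : NULL;
		if (f)
		{
			fprintf(f, "# %s - strongSwan IPsec secrets file\n", secrets_file);
			fprintf(f, ": RSA myKey.der\n");
			/* hand the file to the daemon's user while it is still open */
			ignore_result(fchown(fd, uid, gid));
			fclose(f);
		}
		else
		{
			if (fd >= 0)
			{
				close(fd);
			}
			/* report the failure here instead of silently continuing */
		}
	}
```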