ike-cfg: Change how OCSP certificate requests are enabled

author Tobias Brunner <tobias@strongswan.org>

Fri, 15 Mar 2024 13:40:30 +0000 (14:40 +0100)

committer Tobias Brunner <tobias@strongswan.org>

Fri, 15 Mar 2024 14:38:19 +0000 (15:38 +0100)
author Tobias Brunner <tobias@strongswan.org>
Fri, 15 Mar 2024 13:40:30 +0000 (14:40 +0100)
committer Tobias Brunner <tobias@strongswan.org>
Fri, 15 Mar 2024 14:38:19 +0000 (15:38 +0100)
diff --git a/src/libcharon/config/ike_cfg.c b/src/libcharon/config/ike_cfg.c

index 84959934c601d1ca65afdc25640501f47efd06df..ccc44c913953ba29874fde250a89f05fccb1c1cf 100644 (file)
--- a/src/libcharon/config/ike_cfg.c
+++ b/src/libcharon/config/ike_cfg.c
@@ -624,7 +624,7 @@ ike_cfg_t *ike_cfg_create(ike_cfg_create_t *data)
                 .refcount = 1,
                 .version = data->version,
                 .certreq = !data->no_certreq,
-               .ocsp_certreq = !data->no_ocsp_certreq,
+               .ocsp_certreq = data->ocsp_certreq,
                 .force_encap = data->force_encap,
                 .fragmentation = data->fragmentation,
                 .childless = data->childless,
diff --git a/src/libcharon/config/ike_cfg.h b/src/libcharon/config/ike_cfg.h

index f54824219258512cfe08c667d62e37a33fda8e43..9c158157645581041d44ddbf836ffcb687bf6d2d 100644 (file)
--- a/src/libcharon/config/ike_cfg.h
+++ b/src/libcharon/config/ike_cfg.h
@@ -295,8 +295,8 @@ struct ike_cfg_create_t {
         uint16_t remote_port;
         /** TRUE to not send any certificate requests */
         bool no_certreq;
-       /** TRUE to not send OCSP status requests */
-       bool no_ocsp_certreq;
+       /** TRUE to send OCSP status requests */
+       bool ocsp_certreq;
         /** Enforce UDP encapsulation by faking NATD notify */
         bool force_encap;
         /** Use IKE fragmentation */
diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c

index 838fc360606b621aff8ce67930bf0e098e49e671..c858e9945c4fb957bfa086051936556f01bac958 100644 (file)
--- a/src/libcharon/plugins/vici/vici_config.c
+++ b/src/libcharon/plugins/vici/vici_config.c
@@ -2672,8 +2672,8 @@ CALLBACK(config_sn, bool,
                 .remote = peer.remote_addrs,
                 .remote_port = peer.remote_port,
                 .no_certreq = !peer.send_certreq,
-               .no_ocsp_certreq = peer.ocsp != OCSP_SEND_BOTH &&
-                                                  peer.ocsp != OCSP_SEND_REQUEST,
+               .ocsp_certreq = peer.ocsp == OCSP_SEND_BOTH ||
+                                               peer.ocsp == OCSP_SEND_REQUEST,
                 .force_encap = peer.encap,
                 .fragmentation = peer.fragmentation,
                 .childless = peer.childless,
author	Tobias Brunner <tobias@strongswan.org>
	Fri, 15 Mar 2024 13:40:30 +0000 (14:40 +0100)
committer	Tobias Brunner <tobias@strongswan.org>
	Fri, 15 Mar 2024 14:38:19 +0000 (15:38 +0100)
src/libcharon/config/ike_cfg.c		patch \| blob \| blame \| history
src/libcharon/config/ike_cfg.h		patch \| blob \| blame \| history
src/libcharon/plugins/vici/vici_config.c		patch \| blob \| blame \| history