Try to load raw keys from ipsec.conf as PKCS#1 blob first
authorTobias Brunner <tobias@strongswan.org>
Mon, 1 Apr 2013 11:51:37 +0000 (13:51 +0200)
committerTobias Brunner <tobias@strongswan.org>
Tue, 7 May 2013 12:08:51 +0000 (14:08 +0200)
The DNSKEY builder is quite eager and parses pretty much anything
as an RSA key, so the PKCS#1 parse has to be attempted first.

src/libcharon/plugins/stroke/stroke_cred.c

index eda746f7e8c124e1c3c7f85f0bf736d63d826653..6c47a7b06139ecd5ace170decbb6666f2fa84792 100644 (file)
@@ -291,17 +291,24 @@ METHOD(stroke_cred_t, load_pubkey, certificate_t*,
        }
        else if (strncaseeq(filename, "0x", 2) || strncaseeq(filename, "0s", 2))
        {
-               chunk_t printable_key, rfc3110_key;
+               chunk_t printable_key, raw_key;
                public_key_t *key;
 
                printable_key = chunk_create(filename + 2, strlen(filename) - 2);
-               rfc3110_key = strncaseeq(filename, "0x", 2) ?
+               raw_key = strncaseeq(filename, "0x", 2) ?
                                                                 chunk_from_hex(printable_key, NULL) :
                                                                 chunk_from_base64(printable_key, NULL);
-               key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
-                                                                BUILD_BLOB_DNSKEY, rfc3110_key,
+               key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
+                                                                BUILD_BLOB_ASN1_DER, raw_key,
                                                                 BUILD_END);
-               free(rfc3110_key.ptr);
+               if (!key)
+               {       /* try RFC 3110 format (as it accepts nearly any blob, the above has
+                        * to be tried first) */
+                       key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
+                                                                        BUILD_BLOB_DNSKEY, raw_key,
+                                                                        BUILD_END);
+               }
+               chunk_free(&raw_key);
                if (key)
                {
                        cert = lib->creds->create(lib->creds, CRED_CERTIFICATE,
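Review bot: The fallback at the `if (!key)` branch means a malformed or truncated `0x`/`0s` value that fails DER parsing is still fed to the DNSKEY builder, which the commit message itself says accepts nearly any blob, so a configuration typo produces a bogus RSA key and a later authentication failure rather than a load error here. Since the two paths are now indistinguishable to the operator, I would log which parser succeeded, e.g. after the fallback call `DBG2(DBG_CFG, "  parsed raw key as RFC 3110 DNSKEY blob, not PKCS#1");`, so that a key that was only accepted by the permissive parser can be spotted in the log. The ordering constraint is documented in the brace comment, but the same constraint should be noted where the `0x`/`0s` prefixes are described for ipsec.conf, since users will presumably now supply PKCS#1 DER there too. load_pubkey starts before this hunk and its body continues past it, so the existing error handling for the `!key` case after `chunk_free()` is not visible here.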