charon.send_vendor_id = no
Send strongSwan vendor ID payload
+charon.signature_authentication = yes
+ Whether to enable Signature Authentication as per RFC 7427.
+
charon.start-scripts {}
Section containing a list of scripts (name = path) that are executed when
the daemon is started.
* retries done so far after failure (cookie or bad dh group)
*/
u_int retry;
+
+ /**
+ * Whether to use Signature Authentication as per RFC 7427
+ */
+ bool signature_authentication;
};
/**
}
}
/* submit supported hash algorithms for signature authentication */
- if (!this->old_sa)
+ if (!this->old_sa && this->signature_authentication)
{
if (this->initiator ||
this->ike_sa->supports_extension(this->ike_sa,
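Review bot: The comment above the new condition `if (!this->old_sa && this->signature_authentication)` does not say what turning the option off means for authentication strength. With the hash algorithm notify suppressed, the peer cannot select an RFC 7427 signature scheme, so authentication presumably falls back to the classic IKEv2 methods, which for RSA usually means SHA-1 (RFC 7296 names it as the default hash). I would extend the comment to `/* submit supported hash algorithms for signature authentication; if disabled via charon.signature_authentication, classic IKEv2 signature methods are used */` and state the same consequence in the option description. The enclosing function starts and ends outside the hunk.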
EXT_IKE_FRAGMENTATION);
break;
case SIGNATURE_HASH_ALGORITHMS:
- handle_supported_hash_algorithms(this, notify);
+ if (this->signature_authentication)
+ {
+ handle_supported_hash_algorithms(this, notify);
+ }
break;
default:
/* other notifies are handled elsewhere */
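Review bot: With the option off, the `SIGNATURE_HASH_ALGORITHMS` case drops the peer's notify without any trace, so an operator cannot tell from the log that RFC 7427 was offered and declined by local configuration. An else branch with a debug message would make the downgrade visible, e.g. `else { DBG2(DBG_IKE, "ignoring SIGNATURE_HASH_ALGORITHMS notify, signature authentication disabled"); }`. The same gate is applied on the sending side in the earlier hunk of this file, where no log line is needed. The switch statement starts and ends outside the hunk.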
.dh_group = MODP_NONE,
.keymat = (keymat_v2_t*)ike_sa->get_keymat(ike_sa),
.old_sa = old_sa,
+ .signature_authentication = lib->settings->get_bool(lib->settings,
+ "%s.signature_authentication", TRUE, lib->ns),
);
if (initiator)