From: Tobias Brunner
Date: Tue, 28 Jan 2014 16:26:50 +0000 (+0100)
Subject: libtls: Move settings to .tls with fallback to libtls
X-Git-Tag: 5.1.2rc1~7^2~39
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=409adef43cf387deb1cd00bd56dec3cdd7221181;p=thirdparty%2Fstrongswan.git
libtls: Move settings to .tls with fallback to libtls
---
diff --git a/man/strongswan.conf.5.in b/man/strongswan.conf.5.in
index 40df77881e..7696540a3e 100644
--- a/man/strongswan.conf.5.in
+++ b/man/strongswan.conf.5.in
@@ -379,6 +379,18 @@ set this value too low. The number of idle worker threads listed in
 .I ipsec statusall
 might be used as indicator on the number of reserved threads.
 .TP
+.BR charon.tls.cipher
+List of TLS encryption ciphers
+.TP
+.BR charon.tls.key_exchange
+List of TLS key exchange methods
+.TP
+.BR charon.tls.mac
+List of TLS MAC algorithms
+.TP
+.BR charon.tls.suites
+List of TLS cipher suites
+.TP
 .BR charon.user
 Name of the user the daemon changes to after startup
 .TP
@@ -946,19 +958,6 @@ Open/close a PAM session for each active IKE_SA
 .BR charon.plugins.xauth-pam.trim_email " [yes]"
 If an email address is given as an XAuth username, trim it to just the username part.
-.SS libtls section
-.TP
-.BR libtls.cipher
-List of TLS encryption ciphers
-.TP
-.BR libtls.key_exchange
-List of TLS key exchange methods
-.TP
-.BR libtls.mac
-List of TLS MAC algorithms
-.TP
-.BR libtls.suites
-List of TLS cipher suites
 .SS libtnccs section
 .TP
 .BR libtnccs.tnc_config " [/etc/tnc_config]"
diff --git a/src/libtls/tls.c b/src/libtls/tls.c
index 6d33d843d6..6b51e75938 100644
--- a/src/libtls/tls.c
+++ b/src/libtls/tls.c
@@ -471,6 +471,7 @@ tls_t *tls_create(bool is_server, identification_t *server,
 .application = application,
 .purpose = purpose,
 );
+ lib->settings->add_fallback(lib->settings, "%s.tls", "libtls", lib->ns);
 this->crypto = tls_crypto_create(&this->public, cache);
 this->alert = tls_alert_create();
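Review bot: The `add_fallback()` call added in `tls_create()` runs for every TLS instance, yet it modifies the process-wide `lib->settings` object. Whether `add_fallback()` deduplicates or takes a lock is not visible in this hunk; if it does neither, each TLS session would append another `%s.tls` to `libtls` fallback entry, and concurrent `tls_create()` calls would race on shared settings state. Consider registering the fallback once where libtls is initialised, or confirm idempotence and say so in a comment such as `/* register legacy libtls.* fallback before tls_crypto_create() reads %s.tls.* (idempotent) */`. The body of `tls_create()` starts and ends outside the hunk.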
diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c
index 12aa049a2e..cc73ebaebd 100644
--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@@ -711,7 +711,8 @@ static void filter_key_exchange_config_suites(private_tls_crypto_t *this,
 int i, remaining = 0;
 char *token, *config;
- config = lib->settings->get_str(lib->settings, "libtls.key_exchange", NULL);
+ config = lib->settings->get_str(lib->settings, "%s.tls.key_exchange", NULL,
+ lib->ns);
 if (config)
 {
 for (i = 0; i < *count; i++)
@@ -765,7 +766,8 @@ static void filter_cipher_config_suites(private_tls_crypto_t *this,
 int i, remaining = 0;
 char *token, *config;
- config = lib->settings->get_str(lib->settings, "libtls.cipher", NULL);
+ config = lib->settings->get_str(lib->settings, "%s.tls.cipher", NULL,
+ lib->ns);
 if (config)
 {
 for (i = 0; i < *count; i++)
@@ -830,7 +832,8 @@ static void filter_mac_config_suites(private_tls_crypto_t *this,
 int i, remaining = 0;
 char *token, *config;
- config = lib->settings->get_str(lib->settings, "libtls.mac", NULL);
+ config = lib->settings->get_str(lib->settings, "%s.tls.mac", NULL,
+ lib->ns);
 if (config)
 {
 for (i = 0; i < *count; i++)
@@ -879,7 +882,8 @@ static void filter_specific_config_suites(private_tls_crypto_t *this,
 int i, remaining = 0, suite;
 char *token, *config;
- config = lib->settings->get_str(lib->settings, "libtls.suites", NULL);
+ config = lib->settings->get_str(lib->settings, "%s.tls.suites", NULL,
+ lib->ns);
 if (config)
 {
 for (i = 0; i < *count; i++)
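Review bot: In `filter_key_exchange_config_suites()` the new `%s.tls.key_exchange` lookup only honours a legacy `libtls.key_exchange` entry if the fallback registered in `tls_create()` (src/libtls/tls.c) is already in place, and nothing at the call site states that dependency; the same applies to the `%s.tls.cipher`, `%s.tls.mac` and `%s.tls.suites` lookups in the three hunks that follow. Because the default is `NULL` and filtering is gated by `if (config)`, a lookup that misses appears to leave the suite list unrestricted, so an administrator's existing `libtls.*` hardening would be dropped silently rather than with an error. A comment at each lookup, e.g. `/* legacy libtls.key_exchange is resolved via the fallback added in tls_create() */`, and ideally a debug log of the value actually applied, would make that visible. All four functions start and end outside their hunks.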