From: Martin Willi <martin@revosec.ch>
Date: Thu, 16 Dec 2010 15:18:11 +0000 (+0100)
Subject: Added a cert_policy option to conftest configurations
X-Git-Tag: 4.5.1~179
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=58be32e88e605ef5374244dceb249689a3547ea6;p=thirdparty%2Fstrongswan.git

Added a cert_policy option to conftest configurations
---

diff --git a/src/conftest/config.c b/src/conftest/config.c
index 676a80c882..9521412113 100644
--- a/src/conftest/config.c
+++ b/src/conftest/config.c
@@ -247,7 +247,7 @@ static peer_cfg_t *load_peer_config(private_config_t *this,
 	child_cfg_t *child_cfg;
 	enumerator_t *enumerator;
 	identification_t *lid, *rid;
-	char *child;
+	char *child, *policy;
 	uintptr_t strength;
 
 	ike_cfg = load_ike_config(this, settings, config);
@@ -276,6 +276,11 @@ static peer_cfg_t *load_peer_config(private_config_t *this,
 	{
 		auth->add(auth, AUTH_RULE_ECDSA_STRENGTH, strength);
 	}
+	policy = settings->get_str(settings, "configs.%s.cert_policy", NULL, config);
+	if (policy)
+	{
+		auth->add(auth, AUTH_RULE_CERT_POLICY, strdup(policy));
+	}
 	auth->add(auth, AUTH_RULE_IDENTITY, rid);
 	peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);