pluto: Drop support for legacy PSK format.

Any line in ipsec.secrets starting with " or ' was treated as PSK
without ID selectors by pluto.  This prevented it from supporting DNs
like "C=CH, O=Linux strongSwan, OU=Sales, CN=alice@strongswan.org" as
ID selectors.

PSKs defined in this legacy format can easily be updated by changing

"thisIsASecret"

into

: PSK "thisIsASecret"

diff --git a/src/pluto/keys.c b/src/pluto/keys.c
index a204d86cb909c01e3d15a3759af5b4b602a11a1f..00976882d50664cf6ff1000edc739a0be2f43383 100644 (file)
--- a/src/pluto/keys.c
+++ b/src/pluto/keys.c
@@ -835,14 +835,7 @@ static void process_secret(secret_t *s, int whackfd)
        err_t ugh = NULL;
 
        s->kind = SECRET_PSK;  /* default */
-       if (*tok == '"' || *tok == '\'')
-       {
-               log_psk("PSK", s);
-
-               /* old PSK format: just a string */
-               ugh = process_psk_secret(&s->u.preshared_secret);
-       }
-       else if (tokeqword("psk"))
+       if (tokeqword("psk"))
        {
                log_psk("PSK", s);
 
@@ -989,13 +982,7 @@ static void process_secret_records(int whackfd)
 
                        for (;;)
                        {
-                               if (tok[0] == '"' || tok[0] == '\'')
-                               {
-                                       /* found key part */
-                                       process_secret(s, whackfd);
-                                       break;
-                               }
-                               else if (tokeq(":"))
+                               if (tokeq(":"))
                                {
                                        /* found key part */
                                        shift();    /* discard explicit separator */