From: Martin Willi <martin@revosec.ch>
Date: Mon, 1 Oct 2012 12:44:55 +0000 (+0200)
Subject: Add a load-tester digest option for issuing peer certificates
X-Git-Tag: 5.0.2dr4~361
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=562b89ccee57a006241789bb6589f336d0b2ad67;p=thirdparty%2Fstrongswan.git

Add a load-tester digest option for issuing peer certificates
---

diff --git a/src/libcharon/plugins/load_tester/load_tester_creds.c b/src/libcharon/plugins/load_tester/load_tester_creds.c
index 74acabcd4f..751dfc5ed7 100644
--- a/src/libcharon/plugins/load_tester/load_tester_creds.c
+++ b/src/libcharon/plugins/load_tester/load_tester_creds.c
@@ -49,6 +49,11 @@ struct private_load_tester_creds_t {
 	 */
 	linked_list_t *cas;
 
+	/**
+	 * Digest algorithm to issue certificates
+	 */
+	hash_algorithm_t digest;
+
 	/**
 	 * serial number to issue certificates
 	 */
@@ -343,6 +348,7 @@ METHOD(credential_set_t, create_cert_enumerator, enumerator_t*,
 		peer_cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
 									BUILD_SIGNING_KEY, this->private,
 									BUILD_SIGNING_CERT, this->ca,
+									BUILD_DIGEST_ALG, this->digest,
 									BUILD_PUBLIC_KEY, peer_key,
 									BUILD_SUBJECT, id,
 									BUILD_NOT_BEFORE_TIME, now - 60 * 60 * 24,
@@ -411,12 +417,14 @@ METHOD(load_tester_creds_t, destroy, void,
 load_tester_creds_t *load_tester_creds_create()
 {
 	private_load_tester_creds_t *this;
-	char *pwd, *psk;
+	char *pwd, *psk, *digest;
 
 	psk = lib->settings->get_str(lib->settings,
 			"%s.plugins.load-tester.preshared_key", default_psk, charon->name);
 	pwd = lib->settings->get_str(lib->settings,
 			"%s.plugins.load-tester.eap_password", default_pwd, charon->name);
+	digest = lib->settings->get_str(lib->settings,
+			"%s.plugins.load-tester.digest", "sha1", charon->name);
 
 	INIT(this,
 		.public = {
@@ -432,6 +440,7 @@ load_tester_creds_t *load_tester_creds_create()
 		.private = load_issuer_key(this),
 		.ca = load_issuer_cert(this),
 		.cas = linked_list_create(),
+		.digest = enum_from_name(hash_algorithm_short_names, digest),
 		.psk = shared_key_create(SHARED_IKE,
 								 chunk_clone(chunk_create(psk, strlen(psk)))),
 		.pwd = shared_key_create(SHARED_EAP,
@@ -443,6 +452,12 @@ load_tester_creds_t *load_tester_creds_create()
 		this->cas->insert_last(this->cas, this->ca->get_ref(this->ca));
 	}
 
+	if (this->digest == -1)
+	{
+		DBG1(DBG_CFG, "invalid load-tester digest: '%s', using sha1", digest);
+		this->digest = HASH_SHA1;
+	}
+
 	load_ca_certs(this);
 
 	return &this->public;