From: Tobias Brunner <tobias@strongswan.org>
Date: Wed, 17 Apr 2013 15:32:37 +0000 (+0200)
Subject: stroke: Add second password if provided
X-Git-Tag: 5.1.0dr1~149^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6040eff9006940680a5668bbff5343b7b53cf9e5;p=thirdparty%2Fstrongswan.git

stroke: Add second password if provided
---

diff --git a/src/libcharon/plugins/stroke/stroke_cred.c b/src/libcharon/plugins/stroke/stroke_cred.c
index 22e7ddfbef..6b37ac7877 100644
--- a/src/libcharon/plugins/stroke/stroke_cred.c
+++ b/src/libcharon/plugins/stroke/stroke_cred.c
@@ -921,6 +921,19 @@ static bool load_from_file(chunk_t line, int line_nr, FILE *prompt,
 		shared = shared_key_create(SHARED_PRIVATE_KEY_PASS, secret);
 		mem = mem_cred_create();
 		mem->add_shared(mem, shared, NULL);
+		if (eat_whitespace(&line))
+		{	/* if there is a second passphrase add that too, could be needed for
+			 * PKCS#12 files using different passwords for MAC and encryption */
+			ugh = extract_secret(&secret, &line);
+			if (ugh != NULL)
+			{
+				DBG1(DBG_CFG, "line %d: malformed passphrase: %s", line_nr, ugh);
+				mem->destroy(mem);
+				return FALSE;
+			}
+			shared = shared_key_create(SHARED_PRIVATE_KEY_PASS, secret);
+			mem->add_shared(mem, shared, NULL);
+		}
 		lib->credmgr->add_local_set(lib->credmgr, &mem->set, FALSE);
 
 		*result = lib->creds->create(lib->creds, type, subtype,