authorTobias Brunner <tobias@strongswan.org>2014-01-28 17:26:50 +0100
committerTobias Brunner <tobias@strongswan.org>2014-02-12 14:34:32 +0100
commit409adef43cf387deb1cd00bd56dec3cdd7221181 (patch)
treed334b9287735ec21f8c9ea0b0b953959dd339233
parenteb9b375aa1b65b0af3ceeae9a0bafc39f4329452 (diff)
downloadstrongswan-409adef43cf387deb1cd00bd56dec3cdd7221181.tar.bz2
strongswan-409adef43cf387deb1cd00bd56dec3cdd7221181.tar.xz
libtls: Move settings to <ns>.tls with fallback to libtls
-rw-r--r--man/strongswan.conf.5.in25
-rw-r--r--src/libtls/tls.c1
-rw-r--r--src/libtls/tls_crypto.c12
3 files changed, 21 insertions, 17 deletions
diff --git a/man/strongswan.conf.5.in b/man/strongswan.conf.5.in
index 40df77881..7696540a3 100644
--- a/man/strongswan.conf.5.in
+++ b/man/strongswan.conf.5.in
@@ -379,6 +379,18 @@ set this value too low. The number of idle worker threads listed in
.I ipsec statusall
might be used as indicator on the number of reserved threads.
.TP
+.BR charon.tls.cipher
+List of TLS encryption ciphers
+.TP
+.BR charon.tls.key_exchange
+List of TLS key exchange methods
+.TP
+.BR charon.tls.mac
+List of TLS MAC algorithms
+.TP
+.BR charon.tls.suites
+List of TLS cipher suites
+.TP
.BR charon.user
Name of the user the daemon changes to after startup
.TP
@@ -946,19 +958,6 @@ Open/close a PAM session for each active IKE_SA
.BR charon.plugins.xauth-pam.trim_email " [yes]"
If an email address is given as an XAuth username, trim it to just the
username part.
-.SS libtls section
-.TP
-.BR libtls.cipher
-List of TLS encryption ciphers
-.TP
-.BR libtls.key_exchange
-List of TLS key exchange methods
-.TP
-.BR libtls.mac
-List of TLS MAC algorithms
-.TP
-.BR libtls.suites
-List of TLS cipher suites
.SS libtnccs section
.TP
.BR libtnccs.tnc_config " [/etc/tnc_config]"
diff --git a/src/libtls/tls.c b/src/libtls/tls.c
index 6d33d843d..6b51e7593 100644
--- a/src/libtls/tls.c
+++ b/src/libtls/tls.c
@@ -471,6 +471,7 @@ tls_t *tls_create(bool is_server, identification_t *server,
.application = application,
.purpose = purpose,
);
+ lib->settings->add_fallback(lib->settings, "%s.tls", "libtls", lib->ns);
this->crypto = tls_crypto_create(&this->public, cache);
this->alert = tls_alert_create();
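Review bot: The added `add_fallback()` call sits in `tls_create()`, so the process-wide `lib->settings` object is modified every time a TLS instance is constructed, not once at library setup. Whether `add_fallback()` deduplicates repeated registrations and takes its own lock is not visible in this hunk; if it does neither, the fallback list grows with each connection and concurrent `tls_create()` calls contend on shared state. Either register the fallback once in a one-time init path, or document the assumption at the call site, e.g. `/* idempotent: makes legacy libtls.* keys visible under <ns>.tls; must run before tls_crypto_create() reads them */`. The ordering matters because `tls_crypto_create()` on the next line is what consumes these settings. The body of `tls_create()` starts and ends outside the hunk.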
diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c
index 12aa049a2..cc73ebaeb 100644
--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@@ -711,7 +711,8 @@ static void filter_key_exchange_config_suites(private_tls_crypto_t *this,
int i, remaining = 0;
char *token, *config;
- config = lib->settings->get_str(lib->settings, "libtls.key_exchange", NULL);
+ config = lib->settings->get_str(lib->settings, "%s.tls.key_exchange", NULL,
+ lib->ns);
if (config)
{
for (i = 0; i < *count; i++)
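Review bot: The new `"%s.tls.key_exchange"` lookup finds an administrator's existing `libtls.key_exchange` restriction only if the fallback from `tls_create()` is already registered, and nothing at this call site says so. Because the filtering is guarded by `if (config)`, a NULL result skips the filter and leaves the suite list unrestricted. A missing fallback would therefore drop a configured hardening silently instead of failing. A comment above the lookup would make the dependency explicit, e.g. `/* legacy libtls.key_exchange is still honoured via the <ns>.tls -> libtls fallback added in tls_create() */`. The same applies to the `cipher`, `mac` and `suites` lookups in the three hunks that follow, and the man page hunk no longer documents the `libtls.*` keys that remain effective. The function body continues outside the hunk.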
@@ -765,7 +766,8 @@ static void filter_cipher_config_suites(private_tls_crypto_t *this,
int i, remaining = 0;
char *token, *config;
- config = lib->settings->get_str(lib->settings, "libtls.cipher", NULL);
+ config = lib->settings->get_str(lib->settings, "%s.tls.cipher", NULL,
+ lib->ns);
if (config)
{
for (i = 0; i < *count; i++)
@@ -830,7 +832,8 @@ static void filter_mac_config_suites(private_tls_crypto_t *this,
int i, remaining = 0;
char *token, *config;
- config = lib->settings->get_str(lib->settings, "libtls.mac", NULL);
+ config = lib->settings->get_str(lib->settings, "%s.tls.mac", NULL,
+ lib->ns);
if (config)
{
for (i = 0; i < *count; i++)
@@ -879,7 +882,8 @@ static void filter_specific_config_suites(private_tls_crypto_t *this,
int i, remaining = 0, suite;
char *token, *config;
- config = lib->settings->get_str(lib->settings, "libtls.suites", NULL);
+ config = lib->settings->get_str(lib->settings, "%s.tls.suites", NULL,
+ lib->ns);
if (config)
{
for (i = 0; i < *count; i++)