authorAndreas Steffen <andreas.steffen@strongswan.org>2006-07-03 06:21:56 +0000
committerAndreas Steffen <andreas.steffen@strongswan.org>2006-07-03 06:21:56 +0000
commit5c149670df611955e5860540537aa53dfebeae4c (patch)
tree6bf96591b742a14b501cd183036f1468b5c57d22
parent0e3cb317e22c7d863ba5b80c62dad030119726fb (diff)
generation of default key
-rw-r--r--src/starter/invokecharon.c23
1 files changed, 23 insertions, 0 deletions
diff --git a/src/starter/invokecharon.c b/src/starter/invokecharon.c
index e9485982c..1a03dff20 100644
--- a/src/starter/invokecharon.c
+++ b/src/starter/invokecharon.c
@@ -124,6 +124,29 @@ starter_start_charon (starter_config_t *cfg, bool debug)
unlink(CHARON_CTL_FILE);
_stop_requested = 0;
+ /* if ipsec.secrets file is missing then generate RSA default key pair */
+ if (stat(SECRETS_FILE, &stb) != 0)
+ {
+ mode_t oldmask;
+ FILE *f;
+
+ plog("no %s file, generating RSA key", SECRETS_FILE);
+ system("ipsec scepclient --out pkcs1 --out cert-self --quiet");
+
+ /* ipsec.secrets is root readable only */
+ oldmask = umask(0066);
+
+ f = fopen(SECRETS_FILE, "w");
+ if (f)
+ {
+ fprintf(f, "# /etc/ipsec.secrets - strongSwan IPsec secrets file\n");
+ fprintf(f, "\n");
+ fprintf(f, ": RSA myKey.der\n");
+ fclose(f);
+ }
+ umask(oldmask);
+ }
+
pid = fork();
switch (pid)
{
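Review bot: The return value of `system()` is ignored, so the added block writes an ipsec.secrets that references `myKey.der` even when scepclient failed or could not be run, and a failed `fopen()` is equally silent. The `stat()`-then-`fopen(SECRETS_FILE, "w")` sequence also treats every stat error as "file missing" and will truncate or follow whatever exists at that path by the time it is opened; creating the file with `open(..., O_WRONLY | O_CREAT | O_EXCL, 0600)` makes the create atomic and removes the need for the umask save/restore. Because `system()` resolves `ipsec` through the shell and the inherited PATH, an absolute path (or fork/exec with an explicit argv) would be the safer choice in a process that presumably runs as root. The key pair is generated before `umask(0066)` is applied, so the private key's permissions depend on scepclient itself, which is worth confirming. starter_start_charon begins and ends outside this hunk, and the sketch below assumes `<fcntl.h>` and `<errno.h>` are available in the file.

```c
/* if ipsec.secrets file is missing then generate RSA default key pair */
if (stat(SECRETS_FILE, &stb) != 0 && errno == ENOENT)
{
	int fd;
	FILE *f;

	plog("no %s file, generating RSA key", SECRETS_FILE);
	if (system("ipsec scepclient --out pkcs1 --out cert-self --quiet") != 0)
	{
		/* do not reference a key that was never written */
		plog("RSA key generation failed, %s not written", SECRETS_FILE);
	}
	else
	{
		/* O_EXCL: fail instead of truncating or following a path that
		 * appeared after the stat() above; 0600 keeps it owner-only */
		fd = open(SECRETS_FILE, O_WRONLY | O_CREAT | O_EXCL, 0600);
		f = (fd >= 0) ? fdopen(fd, "w") : NULL;
		if (f)
		{
			/* … unchanged: the three fprintf() lines … */
			fclose(f);
		}
		else
		{
			plog("could not create %s", SECRETS_FILE);
			if (fd >= 0)
			{
				close(fd);
			}
		}
	}
}
```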