diff options
| author | Martin Willi <martin@revosec.ch> | 2010-11-25 15:27:31 +0100 |
|---|---|---|
| committer | Martin Willi <martin@revosec.ch> | 2011-01-05 16:45:53 +0100 |
| commit | a73e040cd5e21e91dbaea3d360e6c7fb24b37872 (patch) | |
| tree | b6b2d01a782a3cae834fe67691a282dd00fb41b3 /src/conftest/config.c | |
| parent | 963b4d9477fb77a86483f07b5b51bbc859b5aef6 (diff) | |
| download | strongswan-a73e040cd5e21e91dbaea3d360e6c7fb24b37872.tar.bz2 strongswan-a73e040cd5e21e91dbaea3d360e6c7fb24b37872.tar.xz | |
Added key strength constraints support to conftest
Diffstat (limited to 'src/conftest/config.c')
| -rw-r--r-- | src/conftest/config.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/conftest/config.c b/src/conftest/config.c index cd74dcb39..77a8facb3 100644 --- a/src/conftest/config.c +++ b/src/conftest/config.c @@ -244,6 +244,7 @@ static peer_cfg_t *load_peer_config(private_config_t *this, enumerator_t *enumerator; identification_t *lid, *rid; char *child; + uintptr_t strength; ike_cfg = load_ike_config(this, settings, config); peer_cfg = peer_cfg_create(config, 2, ike_cfg, CERT_ALWAYS_SEND, @@ -261,6 +262,16 @@ static peer_cfg_t *load_peer_config(private_config_t *this, auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY); rid = identification_create_from_string( settings->get_str(settings, "configs.%s.rid", "%any", config)); + strength = settings->get_int(settings, "configs.%s.rsa_strength", 0); + if (strength) + { + auth->add(auth, AUTH_RULE_RSA_STRENGTH, strength); + } + strength = settings->get_int(settings, "configs.%s.ecdsa_strength", 0); + if (strength) + { + auth->add(auth, AUTH_RULE_ECDSA_STRENGTH, strength); + } auth->add(auth, AUTH_RULE_IDENTITY, rid); peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE); |