added workaround to parse PEM encoded PGP key with KEY_RSA

author: Martin Willi <martin@strongswan.org> 2009-08-28 17:25:07 +0200
committer: Martin Willi <martin@strongswan.org> 2009-08-28 17:25:07 +0200
commit: bf3b8c90d0bb3c602d585026bee83f2201d2a088 (patch)
tree: 7488f437252c58fb5c50348b3e43b9898327efdb /src/libstrongswan/plugins/pem
parent: 4593ef51fddee237dca08faafdd004ada18ef841 (diff)
download: strongswan-bf3b8c90d0bb3c602d585026bee83f2201d2a088.tar.bz2
strongswan-bf3b8c90d0bb3c602d585026bee83f2201d2a088.tar.xz
1 files changed, 7 insertions, 0 deletions
diff --git a/src/libstrongswan/plugins/pem/pem_builder.c b/src/libstrongswan/plugins/pem/pem_builder.c
index ed9b2304c..2008067cd 100644
--- a/src/libstrongswan/plugins/pem/pem_builder.c
+++ b/src/libstrongswan/plugins/pem/pem_builder.c
@@ -392,6 +392,13 @@ static void *build_from_blob(private_builder_t *this, chunk_t blob)
 			chunk_clear(&blob);
 			return NULL;
 		}
+		if (pgp && this->type == CRED_PRIVATE_KEY)
+		{
+			/* PGP encoded keys are parsed with a KEY_ANY key type, as it
+			 * can contain any type of key. However, ipsec.secrets uses
+			 * RSA for PGP keys, which is actually wrong. */
+			this->subtype = KEY_ANY;
+		}
 	}
 	cred = lib->creds->create(lib->creds, this->type, this->subtype,
 							  pgp ? BUILD_BLOB_PGP : BUILD_BLOB_ASN1_DER, blob,
author	Martin Willi <martin@strongswan.org>	2009-08-28 17:25:07 +0200
committer	Martin Willi <martin@strongswan.org>	2009-08-28 17:25:07 +0200
commit	bf3b8c90d0bb3c602d585026bee83f2201d2a088 (patch)
tree	7488f437252c58fb5c50348b3e43b9898327efdb /src/libstrongswan/plugins/pem
parent	4593ef51fddee237dca08faafdd004ada18ef841 (diff)
download	strongswan-bf3b8c90d0bb3c602d585026bee83f2201d2a088.tar.bz2 strongswan-bf3b8c90d0bb3c602d585026bee83f2201d2a088.tar.xz