authorTobias Brunner <tobias@strongswan.org>2008-04-18 11:24:45 +0000
committerTobias Brunner <tobias@strongswan.org>2008-04-18 11:24:45 +0000
commit6439267a8c7f22d2a4a221457fea2a26e2a7ff6d (patch)
treecc3b714d0831a09f701d2b64d350e75890d78dbf /src/starter
parenteed87e1d766a2f74ae0017b01a8fd026dddb7156 (diff)
downloadstrongswan-6439267a8c7f22d2a4a221457fea2a26e2a7ff6d.tar.bz2
strongswan-6439267a8c7f22d2a4a221457fea2a26e2a7ff6d.tar.xz
support for hash and URL encoded certificate payloads in charon
Diffstat (limited to 'src/starter')
-rw-r--r--src/starter/args.c2
-rw-r--r--src/starter/confread.h3
-rw-r--r--src/starter/ipsec.conf.55
-rw-r--r--src/starter/keywords.h4
-rw-r--r--src/starter/keywords.txt2
-rw-r--r--src/starter/starterstroke.c14
6 files changed, 17 insertions, 13 deletions
diff --git a/src/starter/args.c b/src/starter/args.c
index f9e307ed7..84179b673 100644
--- a/src/starter/args.c
+++ b/src/starter/args.c
@@ -1,5 +1,4 @@
/* automatic handling of confread struct arguments
- * Copyright (C) 2007 Tobias Brunner
* Copyright (C) 2006 Andreas Steffen
* Hochschule fuer Technik Rapperswil, Switzerland
*
@@ -233,6 +232,7 @@ static const token_info_t token_info[] =
{ ARG_STR, offsetof(starter_ca_t, crluri2), NULL },
{ ARG_STR, offsetof(starter_ca_t, ocspuri), NULL },
{ ARG_STR, offsetof(starter_ca_t, ocspuri2), NULL },
+ { ARG_STR, offsetof(starter_ca_t, certuribase), NULL },
/* end keywords */
{ ARG_MISC, 0, NULL /* KW_HOST */ },
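Review bot: The position of the new `certuribase` row is the only thing tying it to `KW_CERTURIBASE`: `token_info[]` appears to be indexed by the keyword enum from keywords.h, and nothing in this hunk checks that the two stay in step. The same hand-maintained ordering applies to the keywords.h hunk, where `KW_CA_LAST` had to be moved by hand. A misplaced row would make a CA keyword write through the wrong `offsetof()` into `starter_ca_t`, so a comment above the table such as `/* rows must follow the keyword enum in keywords.h one-to-one */` would help, and a compile-time check of the array length against the last keyword would be stronger if the enum's final value is available. The table starts and ends outside this hunk.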
diff --git a/src/starter/confread.h b/src/starter/confread.h
index ae25a0843..5c0b714d8 100644
--- a/src/starter/confread.h
+++ b/src/starter/confread.h
@@ -1,6 +1,4 @@
/* strongSwan IPsec config file parser
- * Copyright (C) 2007 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
* Copyright (C) 2001-2002 Mathieu Lafon
* Arkoon Network Security
*
@@ -154,6 +152,7 @@ struct starter_ca {
char *crluri2;
char *ocspuri;
char *ocspuri2;
+ char *certuribase;
bool strict;
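Review bot: The new `certuribase` member has no comment, and its meaning is only explained in the man page. A short trailing comment such as `/* base URI for IKEv2 Hash and URL; the certificate's SHA1 hash is appended */` would keep the struct self-describing. The struct begins and ends outside this hunk.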
diff --git a/src/starter/ipsec.conf.5 b/src/starter/ipsec.conf.5
index 335042fb5..eefd216fb 100644
--- a/src/starter/ipsec.conf.5
+++ b/src/starter/ipsec.conf.5
@@ -858,6 +858,11 @@ synonym for
.TP
.B ocspuri2
defines an alternative OCSP URI. Currently used by IKEv2 only.
+.B certuribase
+defines the base URI for the Hash and URL feature supported by IKEv2.
+Instead of exchanging complete certificates, IKEv2 allows to send an URI
+that resolves to the DER encoded certificate. The certificate URIs are built
+by appending the SHA1 hash of the DER encoded certificates to this base URI.
.SH "CONFIG SECTIONS"
At present, the only
.B config
diff --git a/src/starter/keywords.h b/src/starter/keywords.h
index 84c5ab79a..3ffe0a9dc 100644
--- a/src/starter/keywords.h
+++ b/src/starter/keywords.h
@@ -1,5 +1,4 @@
/* strongSwan keywords
- * Copyright (C) 2007 Tobias Brunner
* Copyright (C) 2005 Andreas Steffen
* Hochschule fuer Technik Rapperswil, Switzerland
*
@@ -105,9 +104,10 @@ typedef enum {
KW_CRLURI2,
KW_OCSPURI,
KW_OCSPURI2,
+ KW_CERTURIBASE,
#define KW_CA_FIRST KW_CA_SETUP
-#define KW_CA_LAST KW_OCSPURI2
+#define KW_CA_LAST KW_CERTURIBASE
/* end keywords */
KW_HOST,
diff --git a/src/starter/keywords.txt b/src/starter/keywords.txt
index 470397a9c..79914133d 100644
--- a/src/starter/keywords.txt
+++ b/src/starter/keywords.txt
@@ -1,6 +1,5 @@
%{
/* strongSwan keywords
- * Copyright (C) 2007 Tobias Brunner
* Copyright (C) 2005 Andreas Steffen
* Hochschule fuer Technik Rapperswil, Switzerland
*
@@ -89,6 +88,7 @@ crluri2, KW_CRLURI2
ocspuri, KW_OCSPURI
ocspuri1, KW_OCSPURI
ocspuri2, KW_OCSPURI2
+certuribase, KW_CERTURIBASE
left, KW_LEFT
leftnexthop, KW_LEFTNEXTHOP
leftsubnet, KW_LEFTSUBNET
diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c
index 1ee7ddc60..d75d25a72 100644
--- a/src/starter/starterstroke.c
+++ b/src/starter/starterstroke.c
@@ -1,5 +1,4 @@
/* Stroke for charon is the counterpart to whack from pluto
- * Copyright (C) 2007 Tobias Brunner
* Copyright (C) 2006 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -308,12 +307,13 @@ int starter_stroke_add_ca(starter_ca_t *ca)
msg.type = STR_ADD_CA;
msg.length = offsetof(stroke_msg_t, buffer);
- msg.add_ca.name = push_string(&msg, ca->name);
- msg.add_ca.cacert = push_string(&msg, ca->cacert);
- msg.add_ca.crluri = push_string(&msg, ca->crluri);
- msg.add_ca.crluri2 = push_string(&msg, ca->crluri2);
- msg.add_ca.ocspuri = push_string(&msg, ca->ocspuri);
- msg.add_ca.ocspuri2 = push_string(&msg, ca->ocspuri2);
+ msg.add_ca.name = push_string(&msg, ca->name);
+ msg.add_ca.cacert = push_string(&msg, ca->cacert);
+ msg.add_ca.crluri = push_string(&msg, ca->crluri);
+ msg.add_ca.crluri2 = push_string(&msg, ca->crluri2);
+ msg.add_ca.ocspuri = push_string(&msg, ca->ocspuri);
+ msg.add_ca.ocspuri2 = push_string(&msg, ca->ocspuri2);
+ msg.add_ca.certuribase = push_string(&msg, ca->certuribase);
return send_stroke_msg(&msg);
}
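Review bot: The new `push_string(&msg, ca->certuribase)` result is stored unchecked, like the six calls before it, so a value that does not fit in the stroke message (or anything else that makes `push_string` fail; its body is not in this hunk) would presumably reach charon as an absent `certuribase` with no diagnostic. Because this string becomes the prefix of URIs handed to IKEv2 peers, starter is also a reasonable place to reject an empty value or an unexpected scheme before sending; nothing in the hunk does so, and whether charon validates it cannot be seen from here. A minimal guard before the `send_stroke_msg` call would be `if (ca->certuribase && !msg.add_ca.certuribase) return -1;`, using whatever failure value the callers expect. The six realigned assignments are whitespace-only and would be easier to review as a separate commit. The function begins outside the hunk.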