authorTobias Brunner <tobias@strongswan.org>2008-06-10 09:08:27 +0000
committerTobias Brunner <tobias@strongswan.org>2008-06-10 09:08:27 +0000
commitea0823dffdc7f8ceff27038fc9a98ae833b6d683 (patch)
tree77ae00fbe28df50fb60359cc4f8a4678721e3de9 /src/starter
parent2904403e96465af4bb2e16595dbc6c772a725605 (diff)
ECDSA with OpenSSL
Diffstat (limited to 'src/starter')
-rw-r--r--src/starter/confread.c4
-rw-r--r--src/starter/starterstroke.c15
2 files changed, 10 insertions, 9 deletions
diff --git a/src/starter/confread.c b/src/starter/confread.c
index d1777cd61..3794992e7 100644
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@@ -535,10 +535,12 @@ load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg)
/* also handles the cases secret|rsasig and rsasig|secret */
for (;;)
{
- if (streq(value, "rsasig"))
+ if (streq(value, "rsa") || streq(value, "rsasig"))
conn->policy |= POLICY_RSASIG | POLICY_ENCRYPT;
else if (streq(value, "secret") || streq(value, "psk"))
conn->policy |= POLICY_PSK | POLICY_ENCRYPT;
+ else if (streq(value, "ecdsa") || streq(value, "ecdsasig"))
+ conn->policy |= POLICY_ECDSASIG | POLICY_ENCRYPT;
else if (streq(value, "xauthrsasig"))
conn->policy |= POLICY_XAUTH_RSASIG | POLICY_ENCRYPT;
else if (streq(value, "xauthpsk"))
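Review bot: The comment above the loop still names only `secret|rsasig` and `rsasig|secret`, although the loop now also accepts `rsa`, `ecdsa` and `ecdsasig`. A comment such as `/* values may be combined with '|', e.g. secret|rsasig; rsa and ecdsa are aliases for rsasig and ecdsasig */` would keep it accurate. The new spellings also belong in the ipsec.conf documentation for authby, which is not part of this diff. The loop body continues outside the hunk, so how an unrecognised value is handled cannot be checked here.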
diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c
index b3b08817c..0183c26c7 100644
--- a/src/starter/starterstroke.c
+++ b/src/starter/starterstroke.c
@@ -38,13 +38,12 @@
#include "files.h"
/**
- * Authentication mehtods, must be the same values as in charon
+ * Authentication mehtods, must be the same as in charon
*/
enum auth_method_t {
- AUTH_RSA = 1,
- AUTH_PSK = 2,
- AUTH_DSS = 3,
- AUTH_EAP = 201,
+ AUTH_PUBKEY = 0,
+ AUTH_PSK,
+ AUTH_EAP,
};
static char* push_string(stroke_msg_t *msg, char *string)
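Review bot: The new `auth_method_t` relies on implicit numbering (`AUTH_PUBKEY = 0, AUTH_PSK, AUTH_EAP`) while its comment says the values must match charon's copy, so inserting or reordering a member on either side would silently change which authentication method the daemon sees. Spelling the values out, `AUTH_PSK = 1,` and `AUTH_EAP = 2,`, or including the definition charon uses instead of duplicating it, would make a mismatch visible in review. The rewritten comment line keeps the typo and could read `* Authentication methods, must be the same values as in charon`. Since 0 now means public-key authentication, a zero-initialised message whose auth_method is never assigned would presumably be read as AUTH_PUBKEY rather than as unset; the assignment code is only partly visible in this diff.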
@@ -213,10 +212,10 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
msg.add_conn.ikev2 = conn->keyexchange == KEY_EXCHANGE_IKEV2;
msg.add_conn.name = push_string(&msg, connection_name(conn));
- /* RSA is preferred before PSK and EAP */
- if (conn->policy & POLICY_RSASIG)
+ /* PUBKEY is preferred to PSK and EAP */
+ if (conn->policy & POLICY_RSASIG || conn->policy & POLICY_ECDSASIG)
{
- msg.add_conn.auth_method = AUTH_RSA;
+ msg.add_conn.auth_method = AUTH_PUBKEY;
}
else if (conn->policy & POLICY_PSK)
{
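Review bot: The new condition maps both POLICY_RSASIG and POLICY_ECDSASIG to the single value `AUTH_PUBKEY`, so from the lines shown the key type the administrator selected no longer reaches charon in auth_method. If nothing else in the message carries it, `authby=ecdsasig` would not by itself restrict a connection to ECDSA keys; confirm that the restriction is enforced elsewhere, or document that the setting only selects the method class. The test also reads more clearly as one mask, `if (conn->policy & (POLICY_RSASIG | POLICY_ECDSASIG))`. The else-if chain continues past the end of the hunk.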