author | Tobias Brunner <tobias@strongswan.org> | 2016-11-30 12:44:51 +0100 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2017-02-16 19:24:08 +0100 |
commit | 00bf6a2a492308874c86f909796c5871b94c0568 (patch) | |
tree | dc9b5151a090f581551e9e0af5152ef6e3e7f8f0 /src/swanctl | |
parent | d2e3ff8e0c1a9e1382c9bd7424690c800958c112 (diff) | |
vici: Add support to load certificates from tokens
Diffstat (limited to 'src/swanctl')
-rw-r--r-- | src/swanctl/swanctl.opt | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt index caae41e88..0bf1243d0 100644 --- a/src/swanctl/swanctl.opt +++ b/src/swanctl/swanctl.opt @@ -292,6 +292,22 @@ connections.<conn>.local<suffix>.certs = certificate request payloads. If no appropriate CA can be located, the first certificate is used. +connections.<conn>.local<suffix>.cert<suffix> = + Section for a certificate candidate to use for authentication. + + Section for a certificate candidate to use for authentication. Certificates + in _certs_ are transmitted as binary blobs, these sections offer more + flexibility. + +connections.<conn>.local<suffix>.cert<suffix>.handle = + Hex-encoded CKA_ID of the certificate on a token. + +connections.<conn>.local<suffix>.cert<suffix>.slot = + Optional slot number of the token that stores the certificate. + +connections.<conn>.local<suffix>.cert<suffix>.module = + Optional PKCS#11 module name. + connections.<conn>.local<suffix>.pubkeys = Comma separated list of raw public key candidates to use for authentication. @@ -419,6 +435,22 @@ connections.<conn>.remote<suffix>.certs = The certificates may use a relative path from the **swanctl** _x509_ directory or an absolute path. +connections.<conn>.remote<suffix>.cert<suffix> = + Section for a certificate to accept for authentication. + + Section for a certificate to accept for authentication. Certificates + in _certs_ are transmitted as binary blobs, these sections offer more + flexibility. + +connections.<conn>.remote<suffix>.cert<suffix>.handle = + Hex-encoded CKA_ID of the certificate on a token. + +connections.<conn>.remote<suffix>.cert<suffix>.slot = + Optional slot number of the token that stores the certificate. + +connections.<conn>.remote<suffix>.cert<suffix>.module = + Optional PKCS#11 module name. + connections.<conn>.remote<suffix>.cacerts = Comma separated list of CA certificates to accept for authentication. 
@@ -426,6 +458,22 @@ connections.<conn>.remote<suffix>.cacerts = The certificates may use a relative path from the **swanctl** _x509ca_ directory or an absolute path. +connections.<conn>.remote<suffix>.cacert<suffix> = + Section for a CA certificate to accept for authentication. + + Section for a CA certificate to accept for authentication. Certificates + in _cacerts_ are transmitted as binary blobs, these sections offer more + flexibility. + +connections.<conn>.remote<suffix>.cacert<suffix>.handle = + Hex-encoded CKA_ID of the CA certificate on a token. + +connections.<conn>.remote<suffix>.cacert<suffix>.slot = + Optional slot number of the token that stores the CA certificate. + +connections.<conn>.remote<suffix>.cacert<suffix>.module = + Optional PKCS#11 module name. + connections.<conn>.remote<suffix>.pubkeys = Comma separated list of raw public keys to accept for authentication. |
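Review bot: The long description of connections.<conn>.local<suffix>.cert<suffix> (hunk @@ -292,6 +292,22 @@) repeats the short description verbatim as its first sentence, then joins two independent clauses with a comma ("... are transmitted as binary blobs, these sections offer more flexibility"). If the option format does not require the repetition, drop it and split the remainder, e.g. "Certificates in _certs_ are transmitted as binary blobs. These sections offer more flexibility." It would also help to state how this section interacts with _certs_ when both are set.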
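Review bot: In the hunk at @@ -419,6 +435,22 @@, connections.<conn>.remote<suffix>.cert<suffix>.module is documented only as "Optional PKCS#11 module name", which does not say what the name refers to or what happens when it is omitted. Suggest stating where module names are defined and whether leaving out module (and slot) means every loaded module and slot is searched for the handle. The same wording is used for the local and cacert variants, so one fix can be applied to all three.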
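Review bot: For connections.<conn>.remote<suffix>.cacert<suffix> (hunk @@ -426,6 +458,22 @@), the certificate selected becomes a CA accepted for authentication, yet slot and module are both optional and handle is only a CKA_ID. Please document what happens when that CKA_ID matches objects on more than one token, or on none, so that an operator knows whether slot and module need to be set to keep an unintended certificate from being accepted as a CA.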