author | Tobias Brunner <tobias@strongswan.org> | 2012-02-08 13:36:32 +0100 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2012-02-08 13:36:32 +0100 |
commit | 7efde9011e9ef68361dfe0860d98a19847617db1 (patch) | |
tree | a2d7218188510de98a4879496beb984c3c231e42 /src | |
parent | e01751035eddace1f165868eb13680de5df5ffe2 (diff) | |
download | strongswan-7efde9011e9ef68361dfe0860d98a19847617db1.tar.bz2 strongswan-7efde9011e9ef68361dfe0860d98a19847617db1.tar.xz |
pluto: Drop support for legacy PSK format.
Any line in ipsec.secrets starting with " or ' was treated as PSK
without ID selectors by pluto. This prevented it from supporting DNs
like "C=CH, O=Linux strongSwan, OU=Sales, CN=alice@strongswan.org" as
ID selectors.
PSKs defined in this legacy format can easily be updated by changing
"thisIsASecret"
into
: PSK "thisIsASecret"
Diffstat (limited to 'src')
-rw-r--r-- | src/pluto/keys.c | 17 |
1 files changed, 2 insertions, 15 deletions
diff --git a/src/pluto/keys.c b/src/pluto/keys.c
index a204d86cb..00976882d 100644
--- a/src/pluto/keys.c
+++ b/src/pluto/keys.c
@@ -835,14 +835,7 @@ static void process_secret(secret_t *s, int whackfd)
 err_t ugh = NULL;
 s->kind = SECRET_PSK; /* default */
- if (*tok == '"' || *tok == '\'')
- {
- log_psk("PSK", s);
-
- /* old PSK format: just a string */
- ugh = process_psk_secret(&s->u.preshared_secret);
- }
- else if (tokeqword("psk"))
+ if (tokeqword("psk"))
 {
 log_psk("PSK", s);
@@ -989,13 +982,7 @@ static void process_secret_records(int whackfd)
 for (;;)
 {
- if (tok[0] == '"' || tok[0] == '\'')
- {
- /* found key part */
- process_secret(s, whackfd);
- break;
- }
- else if (tokeq(":"))
+ if (tokeq(":"))
 {
 /* found key part */
 shift(); /* discard explicit separator */ |
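Review bot: With the quoted-string branch removed from `process_secret`, a record such as `: "thisIsASecret"` (separator present, `PSK` keyword missing) now falls through the keyword chain to whatever final branch handles an unrecognised key type. That branch is outside this hunk. If it prints `tok` in its diagnostic, the pre-shared key would be written to the log in clear text the first time an un-migrated ipsec.secrets is loaded, so the message should identify the file and line rather than the token. A comment above `if (tokeqword("psk"))` would record the new contract, for example `/* a bare quoted string is no longer accepted; PSKs require the explicit PSK keyword */`.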
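Review bot: A record starting with `"` or `'` no longer ends the selector scan in `process_secret_records`, so a legacy-format line is now consumed by the ID-selector branch of this loop, which lies outside the hunk. The secret string is then handled as an identity. If that path logs the parsed ID or the offending token, the PSK could end up in the log, and the operator gets no hint that the format was dropped. Consider a dedicated diagnostic for a record that ends without `:`, such as `"missing ':' separator (legacy PSK format is no longer supported)"`, which does not echo the token. A comment above `if (tokeq(":"))` could add `/* quoted tokens are ID selectors (e.g. DNs); only ':' starts the key part */`.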