tkm: Disable RFC 7427 signature authentication

TKM can't verify such signatures so we'd fail in the authorize hook. Skipping the algorithm identifier doesn't help if the peer uses anything other than SHA-1, so config changes would be required.
author: Tobias Brunner <tobias@strongswan.org> 2015-03-06 16:10:41 +0100
committer: Tobias Brunner <tobias@strongswan.org> 2015-03-09 16:59:07 +0100
commit: ab65a3e8fc1a3ca4c6e72e11af84d2f51abf6db9 (patch)
tree: f5930ca0eb640af08037a0ed6d4af6ddc6876941 /src
parent: 708dff0700889f46aae0023b0e97d987425ae901 (diff)
download: strongswan-ab65a3e8fc1a3ca4c6e72e11af84d2f51abf6db9.tar.bz2
strongswan-ab65a3e8fc1a3ca4c6e72e11af84d2f51abf6db9.tar.xz
1 files changed, 4 insertions, 0 deletions
diff --git a/src/charon-tkm/src/charon-tkm.c b/src/charon-tkm/src/charon-tkm.c
index a6770fc50..7c60f0ca8 100644
--- a/src/charon-tkm/src/charon-tkm.c
+++ b/src/charon-tkm/src/charon-tkm.c
@@ -276,6 +276,10 @@ int main(int argc, char *argv[])
 		goto deinit;
 	}
 
+	/* the authorize hook currently does not support RFC 7427 signature auth */
+	lib->settings->set_bool(lib->settings, "%s.signature_authentication", FALSE,
+							dmn_name);
+
 	/* make sure we log to the DAEMON facility by default */
 	lib->settings->set_int(lib->settings, "%s.syslog.daemon.default",
 			lib->settings->get_int(lib->settings, "%s.syslog.daemon.default", 1,
author	Tobias Brunner <tobias@strongswan.org>	2015-03-06 16:10:41 +0100
committer	Tobias Brunner <tobias@strongswan.org>	2015-03-09 16:59:07 +0100
commit	ab65a3e8fc1a3ca4c6e72e11af84d2f51abf6db9 (patch)
tree	f5930ca0eb640af08037a0ed6d4af6ddc6876941 /src
parent	708dff0700889f46aae0023b0e97d987425ae901 (diff)
download	strongswan-ab65a3e8fc1a3ca4c6e72e11af84d2f51abf6db9.tar.bz2 strongswan-ab65a3e8fc1a3ca4c6e72e11af84d2f51abf6db9.tar.xz