aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorTobias Brunner <tobias@strongswan.org>2016-02-01 18:15:57 +0100
committerTobias Brunner <tobias@strongswan.org>2016-03-04 16:19:53 +0100
commite37e6d6dcaee842b6d8a5be2d271f560f86fabcc (patch)
tree4ba98a30f5f7e98ca044cdb1f92b6c0d7fdaa8a0 /src
parentc8a0781334a1ebb43b31c613a0538d3ea364bf4c (diff)
downloadstrongswan-e37e6d6dcaee842b6d8a5be2d271f560f86fabcc.tar.bz2
strongswan-e37e6d6dcaee842b6d8a5be2d271f560f86fabcc.tar.xz
ikev2: Always store signature scheme in auth-cfg
As we use a different rule we can always store the scheme.
Diffstat (limited to 'src')
-rw-r--r--src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c13
1 files changed, 1 insertions, 12 deletions
diff --git a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
index 64cd775ad..110c50973 100644
--- a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
@@ -55,11 +55,6 @@ struct private_pubkey_authenticator_t {
* Reserved bytes of ID payload
*/
char reserved[3];
-
- /**
- * Whether to store signature schemes on remote auth configs.
- */
- bool store_signature_scheme;
};
/**
@@ -425,11 +420,7 @@ METHOD(authenticator_t, process, status_t,
status = SUCCESS;
auth->merge(auth, current_auth, FALSE);
auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
- if (this->store_signature_scheme)
- {
- auth->add(auth, AUTH_RULE_IKE_SIGNATURE_SCHEME,
- (uintptr_t)scheme);
- }
+ auth->add(auth, AUTH_RULE_IKE_SIGNATURE_SCHEME, (uintptr_t)scheme);
break;
}
else
@@ -502,8 +493,6 @@ pubkey_authenticator_t *pubkey_authenticator_create_verifier(ike_sa_t *ike_sa,
.ike_sa = ike_sa,
.ike_sa_init = received_init,
.nonce = sent_nonce,
- .store_signature_scheme = lib->settings->get_bool(lib->settings,
- "%s.signature_authentication_constraints", TRUE, lib->ns),
);
memcpy(this->reserved, reserved, sizeof(this->reserved));