aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/libcharon/plugins/stroke/stroke_cred.c12
-rw-r--r--src/starter/starter.c10
2 files changed, 17 insertions, 5 deletions
diff --git a/src/libcharon/plugins/stroke/stroke_cred.c b/src/libcharon/plugins/stroke/stroke_cred.c
index f908219ed..83431d17c 100644
--- a/src/libcharon/plugins/stroke/stroke_cred.c
+++ b/src/libcharon/plugins/stroke/stroke_cred.c
@@ -65,6 +65,11 @@ struct private_stroke_cred_t {
stroke_cred_t public;
/**
+ * secrets file with credential information
+ */
+ char *secrets_file;
+
+ /**
* credentials
*/
mem_cred_t *creds;
@@ -1297,7 +1302,7 @@ METHOD(stroke_cred_t, reread, void,
if (msg->reread.flags & REREAD_SECRETS)
{
DBG1(DBG_CFG, "rereading secrets");
- load_secrets(this, NULL, SECRETS_FILE, 0, prompt);
+ load_secrets(this, NULL, this->secrets_file, 0, prompt);
}
if (msg->reread.flags & REREAD_CACERTS)
{
@@ -1370,6 +1375,9 @@ stroke_cred_t *stroke_cred_create()
.cachecrl = _cachecrl,
.destroy = _destroy,
},
+ .secrets_file = lib->settings->get_str(lib->settings,
+ "%s.plugins.stroke.secrets_file", SECRETS_FILE,
+ lib->ns),
.creds = mem_cred_create(),
);
@@ -1380,7 +1388,7 @@ stroke_cred_t *stroke_cred_create()
FALSE, lib->ns);
load_certs(this);
- load_secrets(this, NULL, SECRETS_FILE, 0, NULL);
+ load_secrets(this, NULL, this->secrets_file, 0, NULL);
return &this->public;
}
diff --git a/src/starter/starter.c b/src/starter/starter.c
index 71f33ae91..ea8a999f0 100644
--- a/src/starter/starter.c
+++ b/src/starter/starter.c
@@ -261,10 +261,14 @@ static void fatal_signal_handler(int signal)
#ifdef GENERATE_SELFCERT
static void generate_selfcert()
{
+ const char *secrets_file;
struct stat stb;
+ secrets_file = lib->settings->get_str(lib->settings,
+ "charon.plugins.stroke.secrets_file", SECRETS_FILE);
+
/* if ipsec.secrets file is missing then generate RSA default key pair */
- if (stat(SECRETS_FILE, &stb) != 0)
+ if (stat(secrets_file, &stb) != 0)
{
mode_t oldmask;
FILE *f;
@@ -302,7 +306,7 @@ static void generate_selfcert()
/* ipsec.secrets is root readable only */
oldmask = umask(0066);
- f = fopen(SECRETS_FILE, "w");
+ f = fopen(secrets_file, "w");
if (f)
{
fprintf(f, "# /etc/ipsec.secrets - strongSwan IPsec secrets file\n");
@@ -310,7 +314,7 @@ static void generate_selfcert()
fprintf(f, ": RSA myKey.der\n");
fclose(f);
}
- ignore_result(chown(SECRETS_FILE, uid, gid));
+ ignore_result(chown(secrets_file, uid, gid));
umask(oldmask);
}
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-20 11:46:27 +0000