vici: Introduce a ca_id option identity based CA certificate constraints
parent
c70201f1e3
commit
3c71a3201f
|
@ -373,6 +373,9 @@ static void log_auth(auth_cfg_t *auth)
|
|||
case AUTH_RULE_IDENTITY:
|
||||
DBG2(DBG_CFG, " id = %Y", v.id);
|
||||
break;
|
||||
case AUTH_RULE_CA_IDENTITY:
|
||||
DBG2(DBG_CFG, " ca_id = %Y", v.id);
|
||||
break;
|
||||
case AUTH_RULE_AAA_IDENTITY:
|
||||
DBG2(DBG_CFG, " aaa_id = %Y", v.id);
|
||||
break;
|
||||
|
@ -1360,6 +1363,15 @@ CALLBACK(parse_ike_id, bool,
|
|||
return parse_id(cfg, AUTH_RULE_IDENTITY, v);
|
||||
}
|
||||
|
||||
/**
|
||||
* Parse CA identity constraint
|
||||
*/
|
||||
CALLBACK(parse_ca_id, bool,
|
||||
auth_cfg_t *cfg, chunk_t v)
|
||||
{
|
||||
return parse_id(cfg, AUTH_RULE_CA_IDENTITY, v);
|
||||
}
|
||||
|
||||
/**
|
||||
* Parse AAA identity
|
||||
*/
|
||||
|
@ -1755,6 +1767,7 @@ CALLBACK(auth_kv, bool,
|
|||
parse_rule_t rules[] = {
|
||||
{ "auth", parse_auth, auth->cfg },
|
||||
{ "id", parse_ike_id, auth->cfg },
|
||||
{ "ca_id", parse_ca_id, auth->cfg },
|
||||
{ "aaa_id", parse_aaa_id, auth->cfg },
|
||||
{ "eap_id", parse_eap_id, auth->cfg },
|
||||
{ "xauth_id", parse_xauth_id, auth->cfg },
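Review bot: The doc comment added above `parse_ca_id` ("Parse CA identity constraint") does not say what the identity is compared against, which is the part an operator needs for a trust constraint. If the intended meaning is that the peer's trust chain must contain a CA certificate with this identity, the comment could say so, e.g. `Parse CA identity constraint, matched against the CA certificates in the peer's trust chain`; the enforcement code is not in these hunks, so this wording needs confirming. `parse_id` is defined outside the hunk, so it is not visible here whether an empty or wildcard value is rejected for `AUTH_RULE_CA_IDENTITY`. If such a value is accepted, `ca_id` would appear in the config and in the `log_auth` output while constraining nothing, so a check or a warning at parse time seems worth adding.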
|
||||
|
|
|
@ -765,6 +765,9 @@ static void build_auth_cfgs(peer_cfg_t *peer_cfg, bool local, vici_builder_t *b)
|
|||
case AUTH_RULE_IDENTITY:
|
||||
b->add_kv(b, "id", "%Y", v.id);
|
||||
break;
|
||||
case AUTH_RULE_CA_IDENTITY:
|
||||
b->add_kv(b, "ca_id", "%Y", v.id);
|
||||
break;
|
||||
case AUTH_RULE_AAA_IDENTITY:
|
||||
b->add_kv(b, "aaa_id", "%Y", v.id);
|
||||
break;
|
||||
|
|