libtls: Move settings to <ns>.tls with fallback to libtls
parent
eb9b375aa1
commit
409adef43c
|
@ -379,6 +379,18 @@ set this value too low. The number of idle worker threads listed in
|
|||
.I ipsec statusall
|
||||
might be used as indicator on the number of reserved threads.
|
||||
.TP
|
||||
.BR charon.tls.cipher
|
||||
List of TLS encryption ciphers
|
||||
.TP
|
||||
.BR charon.tls.key_exchange
|
||||
List of TLS key exchange methods
|
||||
.TP
|
||||
.BR charon.tls.mac
|
||||
List of TLS MAC algorithms
|
||||
.TP
|
||||
.BR charon.tls.suites
|
||||
List of TLS cipher suites
|
||||
.TP
|
||||
.BR charon.user
|
||||
Name of the user the daemon changes to after startup
|
||||
.TP
|
||||
|
@ -946,19 +958,6 @@ Open/close a PAM session for each active IKE_SA
|
|||
.BR charon.plugins.xauth-pam.trim_email " [yes]"
|
||||
If an email address is given as an XAuth username, trim it to just the
|
||||
username part.
|
||||
.SS libtls section
|
||||
.TP
|
||||
.BR libtls.cipher
|
||||
List of TLS encryption ciphers
|
||||
.TP
|
||||
.BR libtls.key_exchange
|
||||
List of TLS key exchange methods
|
||||
.TP
|
||||
.BR libtls.mac
|
||||
List of TLS MAC algorithms
|
||||
.TP
|
||||
.BR libtls.suites
|
||||
List of TLS cipher suites
|
||||
.SS libtnccs section
|
||||
.TP
|
||||
.BR libtnccs.tnc_config " [/etc/tnc_config]"
|
||||
|
|
|
@ -471,6 +471,7 @@ tls_t *tls_create(bool is_server, identification_t *server,
|
|||
.application = application,
|
||||
.purpose = purpose,
|
||||
);
|
||||
lib->settings->add_fallback(lib->settings, "%s.tls", "libtls", lib->ns);
|
||||
|
||||
this->crypto = tls_crypto_create(&this->public, cache);
|
||||
this->alert = tls_alert_create();
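Review bot: The `add_fallback()` call added in `tls_create()` runs once per TLS instance, so the same `<ns>.tls` to `libtls` fallback is registered again for every instance. Whether the settings object deduplicates repeated registrations is not visible here; that should be confirmed, or the call moved to a one-time initialisation path. Its placement before `tls_crypto_create()` also matters, because the suite filters read the `%s.tls.*` keys and existing `libtls.*` restrictions are only found once the fallback exists. A comment such as `/* must precede tls_crypto_create(): legacy libtls.* suite restrictions resolve via this fallback */` would keep a later reordering from silently widening the offered cipher suites. `tls_create()` starts and ends outside the hunk.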
|
||||
|
|
|
@ -711,7 +711,8 @@ static void filter_key_exchange_config_suites(private_tls_crypto_t *this,
|
|||
int i, remaining = 0;
|
||||
char *token, *config;
|
||||
|
||||
config = lib->settings->get_str(lib->settings, "libtls.key_exchange", NULL);
|
||||
config = lib->settings->get_str(lib->settings, "%s.tls.key_exchange", NULL,
|
||||
lib->ns);
|
||||
if (config)
|
||||
{
|
||||
for (i = 0; i < *count; i++)
|
||||
|
@ -765,7 +766,8 @@ static void filter_cipher_config_suites(private_tls_crypto_t *this,
|
|||
int i, remaining = 0;
|
||||
char *token, *config;
|
||||
|
||||
config = lib->settings->get_str(lib->settings, "libtls.cipher", NULL);
|
||||
config = lib->settings->get_str(lib->settings, "%s.tls.cipher", NULL,
|
||||
lib->ns);
|
||||
if (config)
|
||||
{
|
||||
for (i = 0; i < *count; i++)
|
||||
|
@ -830,7 +832,8 @@ static void filter_mac_config_suites(private_tls_crypto_t *this,
|
|||
int i, remaining = 0;
|
||||
char *token, *config;
|
||||
|
||||
config = lib->settings->get_str(lib->settings, "libtls.mac", NULL);
|
||||
config = lib->settings->get_str(lib->settings, "%s.tls.mac", NULL,
|
||||
lib->ns);
|
||||
if (config)
|
||||
{
|
||||
for (i = 0; i < *count; i++)
|
||||
|
@ -879,7 +882,8 @@ static void filter_specific_config_suites(private_tls_crypto_t *this,
|
|||
int i, remaining = 0, suite;
|
||||
char *token, *config;
|
||||
|
||||
config = lib->settings->get_str(lib->settings, "libtls.suites", NULL);
|
||||
config = lib->settings->get_str(lib->settings, "%s.tls.suites", NULL,
|
||||
lib->ns);
|
||||
if (config)
|
||||
{
|
||||
for (i = 0; i < *count; i++)
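Review bot: The new `%s.tls.key_exchange` lookup in `filter_key_exchange_config_suites()` depends on a fallback registered elsewhere, in `tls_create()`, and nothing at the call site says so. The same applies to the `cipher`, `mac` and `suites` lookups in the other three hunks of this file. If one of these filters is ever reached without that registration, a restriction configured under the old `libtls.` keys would presumably be skipped, since `get_str()` returns the `NULL` default and the `if (config)` branch is not taken. I would add `/* legacy libtls.key_exchange is honoured via the fallback registered in tls_create() */` above each lookup, with the key name adjusted. All four function bodies continue outside their hunks.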
|
||||
|
|