ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

tkm: Disable RFC 7427 signature authentication 

TKM can't verify such signatures so we'd fail in the authorize hook.
Skipping the algorithm identifier doesn't help if the peer uses
anything other than SHA-1, so config changes would be required.
This commit is contained in:
Tobias Brunner 2015-03-06 16:10:41 +01:00
parent 708dff0700
commit ab65a3e8fc
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/charon-tkm/src/charon-tkm.c
View File

@ -276,6 +276,10 @@ int main(int argc, char *argv[])
goto deinit;
}
/* the authorize hook currently does not support RFC 7427 signature auth */
lib->settings->set_bool(lib->settings, "%s.signature_authentication", FALSE,
dmn_name);
/* make sure we log to the DAEMON facility by default */
lib->settings->set_int(lib->settings, "%s.syslog.daemon.default",
lib->settings->get_int(lib->settings, "%s.syslog.daemon.default", 1,