diff options
Diffstat (limited to 'user/strongswan/1002-vici-send-certificates-for-ike-sa-events.patch')
| -rw-r--r-- | user/strongswan/1002-vici-send-certificates-for-ike-sa-events.patch | 131 |
1 files changed, 0 insertions, 131 deletions
diff --git a/user/strongswan/1002-vici-send-certificates-for-ike-sa-events.patch b/user/strongswan/1002-vici-send-certificates-for-ike-sa-events.patch deleted file mode 100644 index 94814e13d..000000000 --- a/user/strongswan/1002-vici-send-certificates-for-ike-sa-events.patch +++ /dev/null @@ -1,131 +0,0 @@ -From 61556ac61b9d7c564dfe13d5cf549a53f889ae36 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> -Date: Mon, 21 Sep 2015 13:42:05 +0300 -Subject: [PATCH] vici: send certificates for ike-sa events -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Signed-off-by: Timo Teräs <timo.teras@iki.fi> ---- - src/libcharon/plugins/vici/vici_query.c | 48 ++++++++++++++++++++++++++++----- - 1 file changed, 41 insertions(+), 7 deletions(-) - -diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c -index c0f4e2de9..309a11c03 100644 ---- a/src/libcharon/plugins/vici/vici_query.c -+++ b/src/libcharon/plugins/vici/vici_query.c -@@ -337,7 +337,7 @@ static void list_vips(private_vici_query_t *this, vici_builder_t *b, - * List details of an IKE_SA - */ - static void list_ike(private_vici_query_t *this, vici_builder_t *b, -- ike_sa_t *ike_sa, time_t now) -+ ike_sa_t *ike_sa, time_t now, bool add_certs) - { - time_t t; - ike_sa_id_t *id; -@@ -345,6 +345,8 @@ static void list_ike(private_vici_query_t *this, vici_builder_t *b, - proposal_t *proposal; - uint16_t alg, ks; - host_t *host; -+ auth_cfg_t *auth_cfg; -+ enumerator_t *enumerator; - - b->add_kv(b, "uniqueid", "%u", ike_sa->get_unique_id(ike_sa)); - b->add_kv(b, "version", "%u", ike_sa->get_version(ike_sa)); -@@ -354,11 +356,43 @@ static void list_ike(private_vici_query_t *this, vici_builder_t *b, - b->add_kv(b, "local-host", "%H", host); - b->add_kv(b, "local-port", "%d", host->get_port(host)); - b->add_kv(b, "local-id", "%Y", ike_sa->get_my_id(ike_sa)); -+ if (add_certs) -+ { -+ enumerator = ike_sa->create_auth_cfg_enumerator(ike_sa, TRUE); -+ if (enumerator->enumerate(enumerator, &auth_cfg)) -+ { -+ certificate_t *cert = auth_cfg->get(auth_cfg, AUTH_RULE_SUBJECT_CERT); -+ chunk_t encoding; -+ -+ if (cert && cert->get_encoding(cert, CERT_ASN1_DER, &encoding)) -+ { -+ b->add(b, VICI_KEY_VALUE, "local-cert-data", encoding); -+ free(encoding.ptr); -+ } -+ } -+ enumerator->destroy(enumerator); -+ } - - host = ike_sa->get_other_host(ike_sa); - b->add_kv(b, "remote-host", "%H", host); - b->add_kv(b, "remote-port", "%d", host->get_port(host)); - b->add_kv(b, "remote-id", "%Y", ike_sa->get_other_id(ike_sa)); -+ if (add_certs) -+ { -+ enumerator = ike_sa->create_auth_cfg_enumerator(ike_sa, FALSE); -+ if (enumerator->enumerate(enumerator, &auth_cfg)) -+ { -+ certificate_t *cert = auth_cfg->get(auth_cfg, AUTH_RULE_SUBJECT_CERT); -+ chunk_t encoding; -+ -+ if (cert && cert->get_encoding(cert, CERT_ASN1_DER, &encoding)) -+ { -+ b->add(b, VICI_KEY_VALUE, "remote-cert-data", encoding); -+ free(encoding.ptr); -+ } -+ } -+ enumerator->destroy(enumerator); -+ } - - eap = ike_sa->get_other_eap_id(ike_sa); - -@@ -476,7 +510,7 @@ CALLBACK(list_sas, vici_message_t*, - b = vici_builder_create(); - b->begin_section(b, ike_sa->get_name(ike_sa)); - -- list_ike(this, b, ike_sa, now); -+ list_ike(this, b, ike_sa, now, TRUE); - - b->begin_section(b, "child-sas"); - csas = ike_sa->create_child_sa_enumerator(ike_sa); -@@ -1624,7 +1658,7 @@ METHOD(listener_t, ike_updown, bool, - } - - b->begin_section(b, ike_sa->get_name(ike_sa)); -- list_ike(this, b, ike_sa, now); -+ list_ike(this, b, ike_sa, now, up); - b->end_section(b); - - this->dispatcher->raise_event(this->dispatcher, -@@ -1649,10 +1683,10 @@ METHOD(listener_t, ike_rekey, bool, - b = vici_builder_create(); - b->begin_section(b, old->get_name(old)); - b->begin_section(b, "old"); -- list_ike(this, b, old, now); -+ list_ike(this, b, old, now, TRUE); - b->end_section(b); - b->begin_section(b, "new"); -- list_ike(this, b, new, now); -+ list_ike(this, b, new, now, TRUE); - b->end_section(b); - b->end_section(b); - -@@ -1682,7 +1716,7 @@ METHOD(listener_t, child_updown, bool, - } - - b->begin_section(b, ike_sa->get_name(ike_sa)); -- list_ike(this, b, ike_sa, now); -+ list_ike(this, b, ike_sa, now, up); - b->begin_section(b, "child-sas"); - - b->begin_section(b, child_sa->get_name(child_sa)); -@@ -1714,7 +1748,7 @@ METHOD(listener_t, child_rekey, bool, - b = vici_builder_create(); - - b->begin_section(b, ike_sa->get_name(ike_sa)); -- list_ike(this, b, ike_sa, now); -+ list_ike(this, b, ike_sa, now, TRUE); - b->begin_section(b, "child-sas"); - - b->begin_section(b, old->get_name(old)); --- -2.12.1 - |