ipsec-tools: Support IPSec RSA sessions again.

This change supports command-line usage and the Android service at
the same time. It also removes access to the native keystore.

Change-Id: Ia3d931b0ba8f83624d668de97c9dfc10280bef3b
diff --git a/setup.c b/setup.c
index eb575ce..7a30078 100644
--- a/setup.c
+++ b/setup.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2009 The Android Open Source Project
+ * Copyright (C) 2011 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -123,6 +123,7 @@
     localconf.port_isakmp = PORT_ISAKMP;
     localconf.port_isakmp_natt = PORT_ISAKMP_NATT;
     localconf.default_af = AF_INET;
+    localconf.pathinfo[LC_PATHTYPE_CERT] = "./";
     localconf.pad_random = LC_DEFAULT_PAD_RANDOM;
     localconf.pad_randomlen = LC_DEFAULT_PAD_RANDOM;
     localconf.pad_strict = LC_DEFAULT_PAD_STRICT;
@@ -335,14 +336,28 @@
         spdadd(myaddrs[0].addr, target, IPPROTO_UDP, NULL, NULL);
         remoteconf->myprivfile = argv[5];
         remoteconf->mycertfile = argv[6];
-        remoteconf->cacertfile = argv[7];
+        remoteconf->mycert = eay_get_x509cert(argv[6]);
+        if (!remoteconf->mycert) {
+            do_plog(LLV_ERROR, "Cannot load user certificate\n");
+            exit(1);
+        }
+        if (!*argv[7]) {
+            remoteconf->verify_cert = FALSE;
+        } else {
+            remoteconf->cacertfile = argv[7];
+            remoteconf->cacert = eay_get_x509cert(argv[7]);
+            if (!remoteconf->cacert) {
+                do_plog(LLV_ERROR, "Cannot load CA certificate\n");
+                exit(1);
+            }
+        }
         remoteconf->idvtype = IDTYPE_ASN1DN;
         auth = OAKLEY_ATTR_AUTH_METHOD_RSASIG;
     } else {
         printf("Usage: %s <interface> <server> [...],\n"
                "    where [...] can be:\n"
                "    udppsk <port> <pre-shared-key>\n"
-               "    udprsa <port> <my-private-key> <my-cert> <ca-cert>\n",
+               "    udprsa <port> <user-private-key> <user-cert> <ca-cert>\n",
                argv[0]);
         exit(0);
     }
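Review bot: An empty `<ca-cert>` argument silently turns off peer certificate verification (`remoteconf->verify_cert = FALSE` in the `!*argv[7]` branch), so a caller that passes an empty string by mistake gets an RSA session in which the server certificate is presumably not validated, and nothing in the log says so. I would log the downgrade, e.g. `do_plog(LLV_WARNING, "No CA certificate given; server certificate will not be verified\n");`, and state the empty-string behaviour in the usage text. The branch also dereferences `argv[7]`, and the argument-count check for `udprsa` lies outside this hunk, so confirm it guarantees that all eight arguments are present.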
@@ -400,7 +415,11 @@
 
 void getpathname(char *path, int length, int type, const char *name)
 {
-    strncpy(path, name, length);
+    if (localconf.chroot) {
+        snprintf(path, length, localconf.chroot, name);
+    } else {
+        strncpy(path, name, length);
+    }
 }
 
 /* sainfo.h */
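Review bot: `snprintf(path, length, localconf.chroot, name)` passes a runtime value as the format string, so the call is only well defined if `localconf.chroot` holds exactly one `%s` conversion; where that field is assigned is not visible in this hunk, so the contract should be written in a comment above `getpathname` and at the assignment, or the format should be a literal. The `else` branch keeps `strncpy(path, name, length)`, which leaves `path` unterminated when `name` is `length` bytes or longer; `snprintf(path, length, "%s", name);` always terminates it. Neither branch reports truncation, and a truncated key or certificate path would name a different file, so comparing the `snprintf` return value with `length` and failing on overflow is worth adding.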