summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHans-Joerg Hoexer <hshoexer@cvs.openbsd.org>2006-02-02 14:42:24 +0000
committerHans-Joerg Hoexer <hshoexer@cvs.openbsd.org>2006-02-02 14:42:24 +0000
commita54bbb02a56d8fbc163ea0eaec980c9ac8ee7b7e (patch)
tree9309823e2ff570377dad08d9cda7a035b7258fc2
parent985ba0fae1781ab2645b5e4f5fb86ad02bc51db5 (diff)
Two fixes: generate default main mode config when using PSK, added missing
force (with naddy@) ok reyk@ naddy@
Diffstat
-rw-r--r--sbin/ipsecctl/ike.c10
1 files changed, 3 insertions, 7 deletions
diff --git a/sbin/ipsecctl/ike.c b/sbin/ipsecctl/ike.c
index b55b2d702fb..cd55ee3d06f 100644
--- a/sbin/ipsecctl/ike.c
+++ b/sbin/ipsecctl/ike.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ike.c,v 1.15 2006/01/17 00:05:42 deraadt Exp $ */
+/* $OpenBSD: ike.c,v 1.16 2006/02/02 14:42:23 hshoexer Exp $ */
/*
* Copyright (c) 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org>
*
@@ -184,9 +184,6 @@ static int
ike_section_mm(struct ipsec_addr_wrap *peer, struct ipsec_transforms *mmxfs,
FILE *fd, struct ike_auth *auth)
{
- if (!(mmxfs->authxf || mmxfs->encxf))
- return (0);
-
fprintf(fd, SET "[peer-%s]:Configuration=mm-%s force\n", peer->name,
peer->name);
fprintf(fd, SET "[mm-%s]:EXCHANGE_TYPE=ID_PROT force\n", peer->name);
@@ -233,9 +230,8 @@ ike_section_mm(struct ipsec_addr_wrap *peer, struct ipsec_transforms *mmxfs,
fprintf(fd, "SHA");
if (auth->type == IKE_AUTH_RSA)
- fprintf(fd, "-RSA_SIG\n");
- else
- fprintf(fd, "\n");
+ fprintf(fd, "-RSA_SIG");
+ fprintf(fd, " force\n");
return (0);
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-30 12:06:45 +0000