author | Reyk Floeter <reyk@cvs.openbsd.org> | 2017-01-03 17:51:39 +0000 |
---|---|---|
committer | Reyk Floeter <reyk@cvs.openbsd.org> | 2017-01-03 17:51:39 +0000 |
commit | 14578659e0f61803f28069c77d0c616ea4ed6d88 (patch) | |
tree | 22e91f1b3582210972c29fdc055c8b231126abe5 /sbin/iked/iked.c | |
parent | c72330fb5dccc0202d4eef4fc935ba5d14e234e9 (diff) |
Fix pledge of the ca process by calling the right function on startup.
As a related change, load the local.pub and local.key keys after
privsep and reload them on SIGHUP/reload.
OK mikeb@
Diffstat (limited to 'sbin/iked/iked.c')
-rw-r--r-- | sbin/iked/iked.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/sbin/iked/iked.c b/sbin/iked/iked.c index 8ebedb2e837..8929975dfa9 100644 --- a/sbin/iked/iked.c +++ b/sbin/iked/iked.c @@ -1,4 +1,4 @@ -/* $OpenBSD: iked.c,v 1.31 2016/09/04 16:55:43 reyk Exp $ */ +/* $OpenBSD: iked.c,v 1.32 2017/01/03 17:51:38 reyk Exp $ */ /* * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org> @@ -200,6 +200,11 @@ parent_configure(struct iked *env) env->sc_pfkey = -1; config_setpfkey(env, PROC_IKEV2); + /* Send private and public keys to cert after forking the children */ + if (config_setkeys(env) == -1) + fatalx("%s: failed to send keys", __func__); + config_setreset(env, RESET_CA, PROC_CERT); + /* Now compile the policies and calculate skip steps */ config_setcompile(env, PROC_IKEV2); @@ -255,6 +260,8 @@ parent_reload(struct iked *env, int reset, const char *filename) if (reset == RESET_RELOAD) { config_setreset(env, RESET_POLICY, PROC_IKEV2); + if (config_setkeys(env) == -1) + fatalx("%s: failed to send keys", __func__); config_setreset(env, RESET_CA, PROC_CERT); if (parse_config(filename, env) == -1) { |
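Review bot: The new comment in parent_configure says when the keys are sent but not why `config_setreset(env, RESET_CA, PROC_CERT)` has to come right after `config_setkeys`. The same two-call order appears in the parent_reload hunk, so it looks deliberate. If the ca process is meant to run its reset only once the keys are in place, I would say so, e.g. `/* Send keys to cert after forking the children; RESET_CA must follow so the ca process resets with the keys loaded */`. The result of `config_setreset` is also ignored here while `config_setkeys` is checked on the line above; if it can fail, a startup where the keys arrived but the reset did not would go unnoticed. parent_configure's body starts and ends outside the hunk.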
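Review bot: In the parent_reload hunk a failed `config_setkeys` calls `fatalx`, so a SIGHUP or reload issued while local.key or local.pub is missing or unreadable stops the whole daemon instead of rejecting the reload. Failing closed is right in parent_configure at startup, but here it turns a transient file problem into loss of every established tunnel. The `parse_config` failure two lines later has its own branch (its body is outside the hunk), which suggests reload errors are otherwise meant to be survivable. Consider running the key check before `config_setreset(env, RESET_POLICY, PROC_IKEV2)` and replacing the `fatalx` with `log_warnx("%s: failed to send keys", __func__); return (-1);`, so the running processes keep the previously loaded keys. That assumes parent_reload's callers tolerate a -1 return, which cannot be confirmed from this hunk.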