author | Peter Hessler <phessler@cvs.openbsd.org> | 2020-11-05 19:28:29 +0000 |
---|---|---|
committer | Peter Hessler <phessler@cvs.openbsd.org> | 2020-11-05 19:28:29 +0000 |
commit | ea4968d4c89d18f758256afafecdced32d7f8136 (patch) | |
tree | 3e47eef745dc6be56589437aa3bb0c32432bc007 /sys | |
parent | 54d3cff2c8d623786765dca136180c1f6ee1cf9f (diff) |
Enable support for ASN1_DN ipsec identifiers.
Tested with multiple Windows 10 Pro (ver 2004) clients, and OpenBSD+iked
as the server.
OK tobhe@ sthen@ kn@
Diffstat (limited to 'sys')
-rw-r--r-- | sys/net/pfkeyv2.h | 5 | ||||
-rw-r--r-- | sys/net/pfkeyv2_convert.c | 8 | ||||
-rw-r--r-- | sys/netinet/ip_ipsp.h | 3 |
3 files changed, 12 insertions, 4 deletions
diff --git a/sys/net/pfkeyv2.h b/sys/net/pfkeyv2.h
index 0c16f9dd751..6bf38870029 100644
--- a/sys/net/pfkeyv2.h
+++ b/sys/net/pfkeyv2.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2.h,v 1.84 2020/08/07 20:12:15 tobhe Exp $ */
+/* $OpenBSD: pfkeyv2.h,v 1.85 2020/11/05 19:28:27 phessler Exp $ */
 /*
 * @(#)COPYRIGHT 1.1 (NRL) January 1998
 *
@@ -351,7 +351,8 @@ struct sadb_x_counter {
 #define SADB_IDENTTYPE_PREFIX 1
 #define SADB_IDENTTYPE_FQDN 2
 #define SADB_IDENTTYPE_USERFQDN 3
-#define SADB_IDENTTYPE_MAX 3
+#define SADB_IDENTTYPE_ASN1_DN 4
+#define SADB_IDENTTYPE_MAX 4
 #define SADB_KEY_FLAGS_MAX 0
diff --git a/sys/net/pfkeyv2_convert.c b/sys/net/pfkeyv2_convert.c
index 1d3487b2eb5..1d79e925c6c 100644
--- a/sys/net/pfkeyv2_convert.c
+++ b/sys/net/pfkeyv2_convert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2_convert.c,v 1.68 2020/07/18 15:10:03 kn Exp $ */
+/* $OpenBSD: pfkeyv2_convert.c,v 1.69 2020/11/05 19:28:28 phessler Exp $ */
 /*
 * The author of this code is Angelos D. Keromytis (angelos@keromytis.org)
 *
@@ -721,6 +721,9 @@ import_identity(struct ipsec_id **id, struct sadb_ident *sadb_ident,
 case SADB_IDENTTYPE_USERFQDN:
 (*id)->type = IPSP_IDENTITY_USERFQDN;
 break;
+ case SADB_IDENTTYPE_ASN1_DN:
+ (*id)->type = IPSP_IDENTITY_ASN1_DN;
+ break;
 default:
 free(*id, M_CREDENTIALS, *id_sz);
 *id = NULL;
@@ -769,6 +772,9 @@ export_identity(void **p, struct ipsec_id *id)
 case IPSP_IDENTITY_USERFQDN:
 sadb_ident->sadb_ident_type = SADB_IDENTTYPE_USERFQDN;
 break;
+ case IPSP_IDENTITY_ASN1_DN:
+ sadb_ident->sadb_ident_type = SADB_IDENTTYPE_ASN1_DN;
+ break;
 }
 *p += sizeof(struct sadb_ident);
 bcopy(id + 1, *p, id->len);
diff --git a/sys/netinet/ip_ipsp.h b/sys/netinet/ip_ipsp.h
index 1c434a92f9f..1bea23e1e2b 100644
--- a/sys/netinet/ip_ipsp.h
+++ b/sys/netinet/ip_ipsp.h
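Review bot: `SADB_IDENTTYPE_MAX` in the `@@ -351,7 +351,8 @@` hunk of sys/net/pfkeyv2.h is raised to 4 by hand next to the new `SADB_IDENTTYPE_ASN1_DN`, so any validation that bounds an incoming `sadb_ident_type` by the maximum will start accepting type 4 as soon as this header lands. Those checks are not part of this diff, so it is worth confirming that every consumer that switches on the identity type handles the new value instead of relying on the range check alone. A comment on the maximum, such as `/* must equal the highest SADB_IDENTTYPE_* above */`, would keep the two lines from drifting apart on the next addition.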
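Review bot: The switch in export_identity (sys/net/pfkeyv2_convert.c, `@@ -769,6 +772,9 @@`) still closes right after the new `IPSP_IDENTITY_ASN1_DN` case with no `default:` branch. An `id->type` outside the four mapped values therefore leaves `sadb_ident->sadb_ident_type` at whatever the buffer already held, while the `bcopy` that follows still exports the identity bytes. Adding `default: sadb_ident->sadb_ident_type = SADB_IDENTTYPE_RESERVED; break;` would make an unmapped type explicit to the PF_KEY reader, mirroring the rejecting `default:` that import_identity already has. Whether the message buffer is zeroed beforehand cannot be seen here, because the function body starts outside the hunk.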
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ipsp.h,v 1.195 2020/09/01 01:53:34 gnezdo Exp $ */
+/* $OpenBSD: ip_ipsp.h,v 1.196 2020/11/05 19:28:28 phessler Exp $ */
 /*
 * The authors of this code are John Ioannidis (ji@tla.org),
 * Angelos D. Keromytis (kermit@csd.uch.gr),
@@ -303,6 +303,7 @@ struct ipsec_policy {
 #define IPSP_IDENTITY_PREFIX 1
 #define IPSP_IDENTITY_FQDN 2
 #define IPSP_IDENTITY_USERFQDN 3
+#define IPSP_IDENTITY_ASN1_DN 4
 struct tdb { /* tunnel descriptor block */
 /*
|
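Review bot: `IPSP_IDENTITY_ASN1_DN` in the `@@ -303,6 +303,7 @@` hunk is added without stating what the bytes stored after `struct ipsec_id` contain for this type, a DER-encoded name or a printable string form. The three existing types carry text, and code that compares or prints identities byte-for-byte presumably depends on the representation; that is an inference, since no such code appears in this diff. A comment on the define, for instance `/* ASN.1 distinguished name; payload is <encoding as passed by the IKE daemon> */`, would settle the question for whoever next touches identity matching.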