Merge tag 'upstream/5.4.0'

Upstream version 5.4.0

1 files changed, 13 insertions, 0 deletions

diff --git a/src/libstrongswan/credentials/auth_cfg.h b/src/libstrongswan/credentials/auth_cfg.h
index 53f1b3805..6940069de 100644
--- a/src/libstrongswan/credentials/auth_cfg.h
+++ b/src/libstrongswan/credentials/auth_cfg.h
@@ -94,6 +94,8 @@ enum auth_rule_t {
 	AUTH_RULE_CRL_VALIDATION,
 	/** result of a OCSP validation, cert_validation_t */
 	AUTH_RULE_OCSP_VALIDATION,
+	/** CRL/OCSP validation is disabled, bool */
+	AUTH_RULE_CERT_VALIDATION_SUSPENDED,
 	/** subject is member of a group, identification_t*
 	 * The group membership constraint is fulfilled if the subject is member of
 	 * one group defined in the constraints. */
@@ -106,6 +108,8 @@ enum auth_rule_t {
 	AUTH_RULE_BLISS_STRENGTH,
 	/** required signature scheme, signature_scheme_t */
 	AUTH_RULE_SIGNATURE_SCHEME,
+	/** required signature scheme for IKE authentication, signature_scheme_t */
+	AUTH_RULE_IKE_SIGNATURE_SCHEME,
 	/** certificatePolicy constraint, numerical OID as char* */
 	AUTH_RULE_CERT_POLICY,
 
@@ -182,6 +186,15 @@ struct auth_cfg_t {
 	void (*add)(auth_cfg_t *this, auth_rule_t rule, ...);
 
 	/**
+	 * Add public key and signature scheme constraints to the set.
+	 *
+	 * @param constraints	constraints string (e.g. "rsa-sha384")
+	 * @param ike			whether to add/parse constraints for IKE signatures
+	 */
+	void (*add_pubkey_constraints)(auth_cfg_t *this, char *constraints,
+								   bool ike);
+
+	/**
 	 * Get a rule value.
 	 *
 	 * For rules we expect only once the latest value is returned.