authorYves-Alexis Perez <corsac@corsac.net>2017-09-01 17:21:25 +0200
committerYves-Alexis Perez <corsac@corsac.net>2017-09-01 17:21:25 +0200
commit11d6b62db969bdd808d0f56706cb18f113927a31 (patch)
tree8aa7d8fb611c3da6a3523cb78a082f62ffd0dac8 /src/pt-tls-client/pt-tls-client.c
parentbba25e2ff6c4a193acb54560ea4417537bd2954e (diff)
downloadvyos-strongswan-11d6b62db969bdd808d0f56706cb18f113927a31.tar.gz
vyos-strongswan-11d6b62db969bdd808d0f56706cb18f113927a31.zip
New upstream version 5.6.0
Diffstat (limited to 'src/pt-tls-client/pt-tls-client.c')
-rw-r--r--src/pt-tls-client/pt-tls-client.c40
1 files changed, 29 insertions, 11 deletions
diff --git a/src/pt-tls-client/pt-tls-client.c b/src/pt-tls-client/pt-tls-client.c
index 6f200c316..d7e78c497 100644
--- a/src/pt-tls-client/pt-tls-client.c
+++ b/src/pt-tls-client/pt-tls-client.c
@@ -42,9 +42,10 @@ static void usage(FILE *out)
{
fprintf(out,
"Usage: pt-tls --connect <hostname|address> [--port <port>]\n"
- " [--cert <file>]+ [--key <file>] [--key-type rsa|ecdsa]\n"
- " [--client <client-id>] [--secret <password>]\n"
- " [--optionsfrom <filename>] [--quiet] [--debug <level>]\n");
+ " [--cert <file>]+ [--keyid <hex>|--key <file>]\n"
+ " [--key-type rsa|ecdsa] [--client <client-id>]\n"
+ " [--secret <password>] [--mutual] [--quiet]\n"
+ " [--debug <level>] [--optionsfrom <filename>]\n");
}
/**
@@ -121,15 +122,26 @@ static bool load_certificate(char *filename)
/**
* Load private key from file
*/
-static bool load_key(char *filename, key_type_t type)
+static bool load_key(char *keyid, char *filename, key_type_t type)
{
private_key_t *key;
+ chunk_t chunk;
- key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
- BUILD_FROM_FILE, filename, BUILD_END);
+ if (keyid)
+ {
+ chunk = chunk_from_hex(chunk_create(keyid, strlen(keyid)), NULL);
+ key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ANY,
+ BUILD_PKCS11_KEYID, chunk, BUILD_END);
+ chunk_free(&chunk);
+ }
+ else
+ {
+ key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
+ BUILD_FROM_FILE, filename, BUILD_END);
+ }
if (!key)
{
- DBG1(DBG_TLS, "loading key from '%s' failed", filename);
+ DBG1(DBG_TLS, "loading key from '%s' failed", keyid ? keyid : filename);
return FALSE;
}
creds->add_key(creds, key);
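Review bot: The new --keyid branch passes the raw command-line string to chunk_from_hex on the line that builds `chunk` without any check that it is well-formed hex; whether chunk_from_hex rejects an odd length or non-hex characters is not visible here, so a typo in the ID would presumably yield a different key ID and only the generic `loading key from '%s' failed` message. A guard before the conversion such as `if (!*keyid || strlen(keyid) % 2 || strspn(keyid, "0123456789abcdefABCDEF") != strlen(keyid))` followed by `DBG1(DBG_TLS, "invalid hex key id '%s'", keyid); return FALSE;` would surface the mistake at the source (widen the character set if chunk_from_hex accepts separators). Separately, the keyid branch hard-codes KEY_ANY, so the `type` parameter (and thus --key-type) has no effect when --keyid is given; that deserves a comment on that line, e.g. `/* --key-type is ignored for PKCS#11 key IDs; the type comes from the token */`, hedged as an assumption since the backend is not shown. load_key's body continues past the end of this hunk.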
@@ -255,7 +267,8 @@ static void init()
int main(int argc, char *argv[])
{
- char *address = NULL, *identity = "%any", *secret = NULL, *key_file = NULL;
+ char *address = NULL, *identity = "%any", *secret = NULL;
+ char *keyid = NULL, *key_file = NULL;
key_type_t key_type = KEY_RSA;
int port = PT_TLS_PORT;
@@ -270,15 +283,17 @@ int main(int argc, char *argv[])
{"secret", required_argument, NULL, 's' },
{"port", required_argument, NULL, 'p' },
{"cert", required_argument, NULL, 'x' },
+ {"keyid", required_argument, NULL, 'K' },
{"key", required_argument, NULL, 'k' },
- {"key-type", required_argument, NULL, 't' },
+ {"key-type", required_argument, NULL, 't' },
{"mutual", no_argument, NULL, 'm' },
{"quiet", no_argument, NULL, 'q' },
{"debug", required_argument, NULL, 'd' },
{"optionsfrom", required_argument, NULL, '+' },
{0,0,0,0 }
};
- switch (getopt_long(argc, argv, "", long_opts, NULL))
+ switch (getopt_long(argc, argv, "hc:i:s:p:x:K:k:t:mqd:+:", long_opts,
+ NULL))
{
case EOF:
break;
@@ -291,6 +306,9 @@ int main(int argc, char *argv[])
return 1;
}
continue;
+ case 'K': /* --keyid <hex> */
+ keyid = optarg;
+ continue;
case 'k': /* --key <file> */
key_file = optarg;
continue;
@@ -352,7 +370,7 @@ int main(int argc, char *argv[])
usage(stderr);
return 1;
}
- if (key_file && !load_key(key_file, key_type))
+ if ((keyid || key_file) && !load_key(keyid, key_file, key_type))
{
return 1;
}
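Review bot: When both --keyid and --key are supplied, the new condition calls load_key with both set and the keyid branch wins, so --key is silently ignored even though the usage text presents `--keyid <hex>|--key <file>` as alternatives. Rejecting the combination up front, `if (keyid && key_file) { usage(stderr); return 1; }` immediately before this check, keeps the behaviour explicit and matches the usage string. This is inside main, which starts and ends outside the hunk.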