/*
 * One-time daemon start-up: bring every subsystem up in dependency order.
 * The order of the calls below is significant (see the inline comments);
 * do not reorder them without checking what each *_init() relies on.
 *
 * NOTE(review): none of these calls report failure to the caller, so an
 * init routine that can fail must log and abort on its own -- confirm for
 * cert_init()/crl_init(), since a daemon that starts without its
 * certificates or CRLs loaded would fail peer authentication silently.
 */
void
init(void)
{
	app_init();
	doi_init();
	exchange_init();
	group_init();
	ipsec_init();
	isakmp_doi_init();
	libcrypto_init();

	/* Timer subsystem comes first: the group below relies on it.  */
	timer_init();

	/* The following group are depending on timer_init having run.  */
	conf_init();
	connection_init();

	/* This depends on conf_init, thus check as soon as possible. */
	log_reinit();

	/* policy_init depends on conf_init having run.  */
	policy_init();

	/* Depends on conf_init and policy_init having run */
	cert_init();
	crl_init();

	/* SA table and generic transport layer, then the individual transports
	 * (presumably each registers itself with transport_init's tables). */
	sa_init();
	transport_init();
	virtual_init();
	udp_init();
	nat_t_init();
	udp_encap_init();
	vendor_init();
}
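/*
 * Prepare a certificate for `id` with public key `pk`, valid for `ndays`,
 * sign it with the CA key `ca`, and write the signed, exported form (plus a
 * trailing newline) to `cert_file`.
 *
 * Returns 0 on success, -2 if the certificate could not be built or signed,
 * and -1 if the file could not be opened or written.  On every path the
 * certificate object and its export buffer are released and the file
 * descriptor is closed (the original leaked the descriptor on a write
 * failure).  The file is created 0644, which is fine for a certificate
 * (public data) but would be wrong for anything containing key material.
 *
 * NOTE(review): on a write or close failure the partially written file is
 * left behind (O_TRUNC has already emptied any previous contents); callers
 * that care should unlink it or write to a temp file and rename.
 */
int 
cert_sign_n_write (const dckey *ca, const char *id, const dckey *pk, 
		   unsigned int ndays, const char *cert_file)
{
  int fdcert = -1;
  int rc = -2;
  cert *cert = NULL; 
  char *cert_msg = NULL;
  
  /* Build, export unsigned, sign the export, then re-export with the
   * signature attached.  The comma expression frees the unsigned export
   * before the signed one replaces it. */
  if (!(cert = cert_init (ca, id, pk, ndays))
      || !(cert_msg = cert_export (cert, 0))
      || !(cert->sig = dcsign (ca, cert_msg))
      || (xfree (cert_msg), !(cert_msg = cert_export (cert, 1)))) {
    printf ("%s: error creating the certificate\n", getprogname ());
    goto out;
  }

  /* From here on failures are I/O failures. */
  rc = -1;

  if ((fdcert = open (cert_file, O_WRONLY|O_TRUNC|O_CREAT, 0644)) == -1) {
    printf ("%s: trouble opening %s\n",
	    getprogname (), cert_file);
    perror (getprogname ());
    goto out;
  }

  if (write_chunk (fdcert, cert_msg, strlen (cert_msg)) == -1
      || write_chunk (fdcert, "\n", 1) == -1) {
    printf ("%s: trouble writing certificate to %s\n",
	    getprogname (), cert_file);
    perror (getprogname ());
    goto out;
  }

  /* close() can surface a deferred write error; treat it like a failed
   * write rather than reporting a certificate that never hit the disk. */
  if (close (fdcert) == -1) {
    fdcert = -1;
    printf ("%s: trouble writing certificate to %s\n",
	    getprogname (), cert_file);
    perror (getprogname ());
    goto out;
  }
  fdcert = -1;
  rc = 0;

out:
  if (fdcert != -1)
    close (fdcert);
  /* cert_clr() was already called with a possibly-NULL cert in the original
   * error path, so it is assumed NULL-safe here as well. */
  cert_clr (cert);
  cert = NULL;
  check_n_free (&cert_msg);

  return rc;
}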
/*
 * Periodic timer callback: regenerate the DTLS certificate once less than
 * half of CERT_EXPIRY_TIME remains before the current one expires, so a new
 * certificate is in place well before the old one becomes unusable.
 *
 * `p` is the timer's opaque argument and is not used.
 *
 * NOTE(review): cert_init()'s return value is not checked here, unlike in
 * dtls_init(); a failed regeneration is silent and only retried on the next
 * timer tick -- consider logging it.
 */
static void __dtls_timer(void *p) {
	struct dtls_cert *current = dtls_cert();
	long int remaining = current->expires - poller_now;

	(void) p;

	if (remaining <= CERT_EXPIRY_TIME/2)
		cert_init();

	obj_put(current);
}
/* Reinitialize, either after a SIGHUP reception or by FIFO UI cmd.  */
/*
 * Re-reads configuration, policies, certificates and CRLs, then rebuilds the
 * connection list, transports and SA state.  The call order mirrors the
 * dependencies in init(): conf before log/policy, policy before certs.
 *
 * NOTE(review): as in init(), cert_init()/crl_init() return nothing to the
 * caller, so a reload that fails to load certificates or CRLs continues
 * silently -- confirm that they log and/or retain the previous state.
 */
void
reinit(void)
{
	log_print("isakmpd: reinitializing daemon");

	/*
	 * XXX Remove all(/some?) pending exchange timers? - they may not be
	 *     possible to complete after we've re-read the config file.
	 *     User-initiated SIGHUP's maybe "authorizes" a wait until
	 *     next connection-check.
	 * XXX This means we discard exchange->last_msg, is this really ok?
         */

#if defined(INSECURE_RAND)
	/* Reinitialize PRNG if we are in deterministic mode.  */
	/* Re-seeding with a fixed seed makes every value drawn from random()
	 * reproducible.  This exists for test/debug builds only and must never
	 * be enabled in a production build. */
	if (regrand)
		srandom(seed);
#endif

	/* Reread config file.  */
	conf_reinit();

	/* Logging may depend on the freshly read config. */
	log_reinit();

	/* Reread the policies.  */
	policy_init();

	/* Reinitialize certificates */
	cert_init();
	crl_init();

	/* Reinitialize our connection list.  */
	connection_reinit();

	/*
	 * Rescan interfaces (call reinit() in all transports).
         */
	transport_reinit();

	/*
	 * XXX "These" (non-existent) reinitializations should not be done.
	 * cookie_reinit ();
	 * ui_reinit ();
         */

	sa_reinit();
}
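/*
 * Initialise DTLS support: set up the certificate lock, generate the
 * certificate, and build the colon-separated OpenSSL cipher list in
 * ciphers_str from every crypto suite that has a dtls_name.
 *
 * Returns 0 on success, -1 if the certificate could not be created, if the
 * cipher list does not fit in ciphers_str, or if no suite has a DTLS name.
 *
 * The original used unbounded sprintf() and only checked the bounds with
 * assert() afterwards -- by then the overflow had already happened, and the
 * checks disappear entirely under NDEBUG.  The write is now bounded and the
 * error conditions are reported instead of asserted.
 */
int dtls_init() {
	int i;
	size_t len = 0;

	rwlock_init(&__dtls_cert_lock);
	if (cert_init())
		return -1;

	/* Append "<name>:" for each suite, never writing past the buffer. */
	for (i = 0; i < num_crypto_suites; i++) {
		int n;

		if (!crypto_suites[i].dtls_name)
			continue;

		n = snprintf(ciphers_str + len, sizeof(ciphers_str) - len,
				"%s:", crypto_suites[i].dtls_name);
		if (n < 0 || (size_t) n >= sizeof(ciphers_str) - len)
			return -1;	/* truncated: cipher list too long for ciphers_str */
		len += (size_t) n;
	}

	if (len == 0)
		return -1;	/* no suite provides a DTLS cipher name */

	/* Drop the trailing ':' left by the last append. */
	ciphers_str[len - 1] = '\0';

	return 0;
}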