optional-certificate was renamed to certificate[optional]

NEWS

@@ -7,7 +7,7 @@
 - Added the unix-conn-file configuration option. That allows obtaining
   plaintext HTTP sessions through a unix domain socket. That is useful
   when combined with a forwarder HTTPS server like nginx, nxweb or haproxy.
-- Added the optional-certificate auth configuration option. That option
+- Added the certificate[optional] auth configuration option. That option
   allows to require certificate authentication in a subset of users.
 - Reverted license to GPLv2.
 

src/config.c

@@ -389,7 +389,7 @@ unsigned force_cert_auth;
 			config->auth_types |= AUTH_TYPE_PLAIN;
 		} else if (c_strcasecmp(auth[j], "certificate") == 0) {
 			config->auth_types |= AUTH_TYPE_CERTIFICATE;
-		} else if (c_strcasecmp(auth[j], "optional-certificate") == 0) {
+		} else if (c_strcasecmp(auth[j], "certificate[optional]") == 0) {
 			config->auth_types |= AUTH_TYPE_CERTIFICATE_OPT;
 		} else {
 			fprintf(stderr, "Unknown auth method: %s\n", auth[j]);

src/ocserv-args.def

@@ -78,9 +78,13 @@ An example configuration file follows.
 # multiple auth directives. Available options: certificate, optional-certificate,
 # plain, pam. 
 #auth = "certificate"
-#auth = "optional-certificate"
 #auth = "pam"
 
+# This indicates that a user may present a certificate. When that option
+# is set, individual users or user groups can be forced to present a valid
+# certificate by using "require-cert=true".
+#auth = "certificate[optional]"
+
 # The gid-min option is used by auto-select-group option, in order to
 # select the minimum valid group ID.
 #auth = "pam[gid-min=1000]"
@@ -416,7 +420,7 @@ route = 192.168.5.0/255.255.255.0
 #default-group-config = /etc/ocserv/defaults/group.conf
 
 # This option is only valid in a user/group configuration file. If the
-# auth mode is optional-certificate, it requires a certificate for this
+# auth mode is certificate[optional], it requires a certificate for this
 # particular user or group.
 #require-cert = true
 

tests/Makefile.am

@@ -9,11 +9,11 @@ SUBDIRS = docker-ocserv
 
 dist_check_SCRIPTS = test-pass test-pass-cert test-cert test-iroute test-pass-script \
 	test-multi-cookie test-pam test-stress full-test test-group-pass test-pass-group-cert \
-	ocpasswd-test test-pass-group-cert-no-pass unix-test
+	ocpasswd-test test-pass-group-cert-no-pass unix-test test-pass-opt-cert
 
 TESTS = test-pass test-pass-cert test-cert test-iroute test-pass-script \
 	test-multi-cookie full-test test-group-pass test-pass-group-cert \
-	ocpasswd-test test-pass-group-cert-no-pass unix-test
+	ocpasswd-test test-pass-group-cert-no-pass unix-test test-pass-opt-cert
 
 TESTS_ENVIRONMENT = srcdir="$(srcdir)" \
 	top_builddir="$(top_builddir)"

tests/test-pass-opt-cert.config

@@ -1,7 +1,7 @@
 # User authentication method. Could be set multiple times and in that case
 # all should succeed.
 # Options: certificate, pam. 
-auth = "optional-certificate"
+auth = "certificate[optional]"
 auth = "plain[./test1.passwd]"
 #auth = "pam"