From bdcd27d13ec499a9f712b69f7a5d7d3a5f3ff3fc Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Thu, 25 Sep 2014 10:34:07 +0200 Subject: [PATCH] optional-certificate was renamed to certificate[optional] --- NEWS | 2 +- src/config.c | 2 +- src/ocserv-args.def | 8 ++++++-- tests/Makefile.am | 4 ++-- tests/test-pass-opt-cert.config | 2 +- 5 files changed, 11 insertions(+), 7 deletions(-) diff --git a/NEWS b/NEWS index 860857fb..9d6b29d7 100644 --- a/NEWS +++ b/NEWS @@ -7,7 +7,7 @@ - Added the unix-conn-file configuration option. That allows obtaining plaintext HTTP sessions through a unix domain socket. That is useful when combined with a forwarder HTTPS server like nginx, nxweb or haproxy. -- Added the optional-certificate auth configuration option. That option +- Added the certificate[optional] auth configuration option. That option allows to require certificate authentication in a subset of users. - Reverted license to GPLv2. diff --git a/src/config.c b/src/config.c index be88b2e5..cdb72c37 100644 --- a/src/config.c +++ b/src/config.c @@ -389,7 +389,7 @@ unsigned force_cert_auth; config->auth_types |= AUTH_TYPE_PLAIN; } else if (c_strcasecmp(auth[j], "certificate") == 0) { config->auth_types |= AUTH_TYPE_CERTIFICATE; - } else if (c_strcasecmp(auth[j], "optional-certificate") == 0) { + } else if (c_strcasecmp(auth[j], "certificate[optional]") == 0) { config->auth_types |= AUTH_TYPE_CERTIFICATE_OPT; } else { fprintf(stderr, "Unknown auth method: %s\n", auth[j]); diff --git a/src/ocserv-args.def b/src/ocserv-args.def index 644df6e9..bdabf9f0 100644 --- a/src/ocserv-args.def +++ b/src/ocserv-args.def 
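Review bot: In the src/config.c hunk the `"optional-certificate"` comparison is replaced rather than kept as an alias, so a configuration that still uses the old spelling now reaches the `Unknown auth method` branch. What follows the `fprintf` lies outside the hunk, as does the start of the enclosing function; it is worth confirming that this branch aborts startup, because a server that carried on without the certificate method could presumably no longer enforce `require-cert`. If the old name was ever shipped, accept both for a release with `} else if (c_strcasecmp(auth[j], "certificate[optional]") == 0 || c_strcasecmp(auth[j], "optional-certificate") == 0) {`. The new keyword is compared as one literal string, so a comment such as `/* matched verbatim; not parsed like pam[...] or plain[...] */` would help the next reader, assuming those bracket forms are parsed elsewhere in this function.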
@@ -78,9 +78,13 @@ An example configuration file follows. # multiple auth directives. Available options: certificate, optional-certificate, # plain, pam. #auth = "certificate" -#auth = "optional-certificate" #auth = "pam" +# This indicates that a user may present a certificate. When that option +# is set, individual users or user groups can be forced to present a valid +# certificate by using "require-cert=true". +#auth = "certificate[optional]" + # The gid-min option is used by auto-select-group option, in order to # select the minimum valid group ID. #auth = "pam[gid-min=1000]" @@ -416,7 +420,7 @@ route = 192.168.5.0/255.255.255.0 #default-group-config = /etc/ocserv/defaults/group.conf # This option is only valid in a user/group configuration file. If the -# auth mode is optional-certificate, it requires a certificate for this +# auth mode is certificate[optional], it requires a certificate for this # particular user or group. #require-cert = true diff --git a/tests/Makefile.am b/tests/Makefile.am index 1e33f007..79c678b3 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -9,11 +9,11 @@ SUBDIRS = docker-ocserv dist_check_SCRIPTS = test-pass test-pass-cert test-cert test-iroute test-pass-script \ test-multi-cookie test-pam test-stress full-test test-group-pass test-pass-group-cert \ - ocpasswd-test test-pass-group-cert-no-pass unix-test + ocpasswd-test test-pass-group-cert-no-pass unix-test test-pass-opt-cert TESTS = test-pass test-pass-cert test-cert test-iroute test-pass-script \ test-multi-cookie full-test test-group-pass test-pass-group-cert \ - ocpasswd-test test-pass-group-cert-no-pass unix-test + ocpasswd-test test-pass-group-cert-no-pass unix-test test-pass-opt-cert TESTS_ENVIRONMENT = srcdir="$(srcdir)" \ top_builddir="$(top_builddir)" diff --git a/tests/test-pass-opt-cert.config b/tests/test-pass-opt-cert.config index 676b2280..bce9e3d4 100644 --- a/tests/test-pass-opt-cert.config +++ b/tests/test-pass-opt-cert.config 
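Review bot: In the first src/ocserv-args.def hunk the unchanged comment above the examples still reads `Available options: certificate, optional-certificate,`, so the sample configuration keeps advertising a keyword that src/config.c now rejects as unknown. That line should change in the same commit to `# multiple auth directives. Available options: certificate, certificate[optional],`. The added paragraph could also state in one sentence what happens when a user without `require-cert=true` presents no certificate, since an operator needs that case spelled out before relying on this mode.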
@@ -1,7 +1,7 @@ # User authentication method. Could be set multiple times and in that case # all should succeed. # Options: certificate, pam. -auth = "optional-certificate" +auth = "certificate[optional]" auth = "plain[./test1.passwd]" #auth = "pam"