From: Glen Huang <me@glenhuang.com>
Date: Sat, 25 Mar 2023 11:55:08 +0000 (+0800)
Subject: strongswan: add support for remote cacerts
X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=d347448ffb465f8f3f5a5c9f3c0c658e25f33eb3;p=feed%2Fpackages.git

strongswan: add support for remote cacerts

Signed-off-by: Glen Huang <me@glenhuang.com>
---

diff --git a/net/strongswan/files/swanctl.init b/net/strongswan/files/swanctl.init
index 7de08b6898..f32ca21c4a 100644
--- a/net/strongswan/files/swanctl.init
+++ b/net/strongswan/files/swanctl.init
@@ -434,6 +434,7 @@ config_connection() {
 	local local_key
 	local ca_cert
 	local rekeytime
+	local remote_ca_certs
 	local pools
 
 	config_get_bool enabled "$1" enabled 0
@@ -458,6 +459,7 @@ config_connection() {
 	config_get overtime "$1" overtime
 
 	config_list_foreach "$1" local_sourceip append_var local_sourceip ","
+	config_list_foreach "$1" remote_ca_certs append_var remote_ca_certs ","
 	config_list_foreach "$1" pools append_var pools ","
 
 	case "$fragmentation" in
@@ -529,6 +531,7 @@ config_connection() {
 	swanctl_xappend2 "remote {"
 	swanctl_xappend3 "auth = $auth_method"
 	[ -n "$remote_identifier" ] && swanctl_xappend3 "id = \"$remote_identifier\""
+	[ -n "$remote_ca_certs" ] && swanctl_xappend3 "cacerts = \"$remote_ca_certs\""
 	swanctl_xappend2 "}"
 
 	swanctl_xappend2 "children {"