I'll try splitting it into smaller pieces as well. https://github.com/openwrt/packages/pull/14535
> On Jan 22, 2021, at 11:47 AM, Philip Prindeville > <[email protected]> wrote: > > Hi, > > I posted the following PR some time ago (late November) and it's languishing: > > https://github.com/openwrt/packages/pull/14028 > > Can I get some reviews of it? > > X.509 authentication is a more attractive alternative to simple PSK > authentication (more entropy, less susceptible to dictionary attacks, etc). > > It's a short series of commits that do: > > * suppress multiple logging in /var/log/messages for authentication messages; > * adds the /etc/swanctl/conf.d/ which is read from /etc/swanctl/swanctl.conf > but doesn't exist; > * cleans up some of the UCI and corrects the handling of the "updown" and > "firewall" scripts (there is no "left" or "right" version, since it's always > local by definition); > * adds new parameters "reauth", "fragmentation", "closeaction", "mobile" for > greater completeness; > * the X.509 support, which is the most important part of this PR, but is > actually a fairly trivial change; > * add support for a global "setup" config section, which contains the > "cachecrls", "charondebug", "strictcrlpolicy", and "uniqueids" parameters; > > It's all Shell and UCI changes, and the relevant .conf generation. Pretty > straightforward. > > Thanks, > > -Philip > > > _______________________________________________ > openwrt-devel mailing list > [email protected] > https://lists.openwrt.org/mailman/listinfo/openwrt-devel _______________________________________________ openwrt-devel mailing list [email protected] https://lists.openwrt.org/mailman/listinfo/openwrt-devel
