'renegotiate-time':(num,"Time after key setup to begin renegotiation (ms)"),
'restrict-nets':(networks,"Allowable networks"),
'networks':(networks,"Claimed networks"),
+ 'serial':(serial,"public key set serial"),
'pub':(listof(somepubkey),"new style public site key"),
'pubkey':(listof(somepubkey),"RSA public site key",'pub'),
'peer':(single_ipaddr,"Tunnel peer IP address"),
'address':sp,
'networks':None,
'peer':None,
+ 'serial':None,
'pub':None,
'pubkey':None,
'mobile':sp,
if pubkeys_install:
pa=self.pubkeys_path()
pw=open(pa+'~tmp','w')
+ if 'serial' in self.properties:
+ pw.write('serial %s\n' %
+ self.properties['serial'])
fs=FilterState()
for k in self.properties["pub"].list:
debugrepr('pubkeys install', k)
os.rename(pa+'~tmp',pa+'~update')
w.write("peer-keys \"%s\";\n"%pa);
else:
- w.write("key %s;\n"%str(self.properties["pub"].list[0]))
+ use = None
+ indefault = True
+ for k in self.properties["pub"].list:
+ debugrepr('pub write', (use,indefault,k))
+ if isinstance(k,pubkey):
+ if indefault:
+ use = k
+ break
+ if use is None:
+ use = k
+ else:
+ raise RuntimeError('bad '+repr(k))
+ if use is None:
+ complain("site with no public key");
+ w.write("key %s;\n"%str(use))
self.output_props(w,ind+2)
self.indent(w,ind+2)
w.write("link netlink {\n");
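Review bot: When the loop selects no key, the new code calls `complain("site with no public key")` and then still appears to reach `w.write("key %s;\n"%str(use))`, which would write a literal `key None;` line into the generated config unless complain() aborts (its definition is not visible here, and indentation is lost in this view). Guard the write so a site without a usable key never produces a key line, for example `else: w.write("key %s;\n"%str(use))` under the `if use is None:` check. Separately, `indefault` is never set to False within this hunk, so the `if use is None: use = k` fallback is unreachable and the loop always takes the first `pubkey` entry; a comment such as `# indefault is always True for now; the fallback below is not yet reachable` would make that intent explicit. The enclosing method starts and ends outside the hunk.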