[Openswan dev] ipsec.conf processing: missing include files
D. Hugh Redelmeier
hugh at mimosa.com
Tue Jul 8 13:26:50 EDT 2008
| From: Paul Wouters <paul at xelerance.com>
| That's fine, as long as processing does not eror with an exit for a missing
| includ file (which was the old behaviour that was fixed a few months ago)
|
| So, if with your change, we can still have: include /no/such/file.conf, and
| it will just get ignored, then I see no problem.
When should a failure to find an include file be fatal? Is this
documented anywhere?
If it were my choice, I'd have two directives:
includeany extras*
would include any file that matches the name but would be willing to
not find any.
and
include stuff
which should complain if "stuff" does not exist.
I don't know what existing expectations are. ipsec.conf(5) does not
seem to document this issue.
I think that I've changed the behavior. In the case where I removed
GLOB_NOMAGIC, the error used to be treated more seriously (and with an
unclear message). So if anything, the code has become more permissive. I
don't know if that is good.
More information about the Dev
mailing list