diff options
| author | Martin Willi <martin@revosec.ch> | 2010-12-15 16:42:30 +0100 |
|---|---|---|
| committer | Martin Willi <martin@revosec.ch> | 2011-01-05 16:46:02 +0100 |
| commit | 5dba5852fcaa965cfc0adb0c2a756814af2c1885 (patch) | |
| tree | 50de01ff770a68b75e00a00f867c532024bfa887 | |
| parent | 3ffc9d9a881675df1f8403db625860fad328efd0 (diff) | |
| download | strongswan-5dba5852fcaa965cfc0adb0c2a756814af2c1885.tar.bz2 strongswan-5dba5852fcaa965cfc0adb0c2a756814af2c1885.tar.xz | |
Slightly renamed X509_NO_PATH_LEN_CONSTRAINT to use it for PolicyConstraints, too
| -rw-r--r-- | src/libcharon/plugins/stroke/stroke_list.c | 2 | ||||
| -rw-r--r-- | src/libstrongswan/credentials/certificates/x509.h | 2 | ||||
| -rw-r--r-- | src/libstrongswan/plugins/constraints/constraints_validator.c | 2 | ||||
| -rw-r--r-- | src/libstrongswan/plugins/openssl/openssl_x509.c | 2 | ||||
| -rw-r--r-- | src/libstrongswan/plugins/x509/x509_cert.c | 6 | ||||
| -rw-r--r-- | src/pki/commands/issue.c | 2 | ||||
| -rw-r--r-- | src/pki/commands/print.c | 2 | ||||
| -rw-r--r-- | src/pki/commands/self.c | 2 | ||||
| -rw-r--r-- | src/pluto/ocsp.c | 2 | ||||
| -rw-r--r-- | src/pluto/x509.c | 4 |
10 files changed, 13 insertions, 13 deletions
diff --git a/src/libcharon/plugins/stroke/stroke_list.c b/src/libcharon/plugins/stroke/stroke_list.c index b4b513073..375ea3833 100644 --- a/src/libcharon/plugins/stroke/stroke_list.c +++ b/src/libcharon/plugins/stroke/stroke_list.c @@ -835,7 +835,7 @@ static void stroke_list_certs(linked_list_t *list, char *label, /* list optional pathLenConstraint */ pathlen = x509->get_pathLenConstraint(x509); - if (pathlen != X509_NO_PATH_LEN_CONSTRAINT) + if (pathlen != X509_NO_CONSTRAINT) { fprintf(out, " pathlen: %d\n", pathlen); } diff --git a/src/libstrongswan/credentials/certificates/x509.h b/src/libstrongswan/credentials/certificates/x509.h index b0f361edb..d620bbde8 100644 --- a/src/libstrongswan/credentials/certificates/x509.h +++ b/src/libstrongswan/credentials/certificates/x509.h @@ -24,7 +24,7 @@ #include <utils/enumerator.h> #include <credentials/certificates/certificate.h> -#define X509_NO_PATH_LEN_CONSTRAINT -1 +#define X509_NO_CONSTRAINT -1 typedef struct x509_t x509_t; typedef struct x509_cert_policy_t x509_cert_policy_t; diff --git a/src/libstrongswan/plugins/constraints/constraints_validator.c b/src/libstrongswan/plugins/constraints/constraints_validator.c index bab2535c1..a52f37a1c 100644 --- a/src/libstrongswan/plugins/constraints/constraints_validator.c +++ b/src/libstrongswan/plugins/constraints/constraints_validator.c @@ -39,7 +39,7 @@ static bool check_pathlen(x509_t *issuer, int pathlen) int pathlen_constraint; pathlen_constraint = issuer->get_pathLenConstraint(issuer); - if (pathlen_constraint != X509_NO_PATH_LEN_CONSTRAINT && + if (pathlen_constraint != X509_NO_CONSTRAINT && pathlen > pathlen_constraint) { DBG1(DBG_CFG, "path length of %d violates constraint of %d", diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c index 6ffe08f6e..7b6ac121f 100644 --- a/src/libstrongswan/plugins/openssl/openssl_x509.c +++ b/src/libstrongswan/plugins/openssl/openssl_x509.c @@ -581,7 +581,7 @@ static private_openssl_x509_t *create_empty() .issuerAltNames = linked_list_create(), .crl_uris = linked_list_create(), .ocsp_uris = linked_list_create(), - .pathlen = X509_NO_PATH_LEN_CONSTRAINT, + .pathlen = X509_NO_CONSTRAINT, .ref = 1, ); diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c index f79418382..4f6cdaa4b 100644 --- a/src/libstrongswan/plugins/x509/x509_cert.c +++ b/src/libstrongswan/plugins/x509/x509_cert.c @@ -1800,7 +1800,7 @@ static private_x509_cert_t* create_empty(void) .excluded_names = linked_list_create(), .cert_policies = linked_list_create(), .policy_mappings = linked_list_create(), - .pathLenConstraint = X509_NO_PATH_LEN_CONSTRAINT, + .pathLenConstraint = X509_NO_CONSTRAINT, .ref = 1, ); return this; @@ -1997,7 +1997,7 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, { chunk_t pathLenConstraint = chunk_empty; - if (cert->pathLenConstraint != X509_NO_PATH_LEN_CONSTRAINT) + if (cert->pathLenConstraint != X509_NO_CONSTRAINT) { char pathlen = (char)cert->pathLenConstraint; @@ -2361,7 +2361,7 @@ x509_cert_t *x509_cert_gen(certificate_type_t type, va_list args) cert->pathLenConstraint = va_arg(args, int); if (cert->pathLenConstraint < 0 || cert->pathLenConstraint > 127) { - cert->pathLenConstraint = X509_NO_PATH_LEN_CONSTRAINT; + cert->pathLenConstraint = X509_NO_CONSTRAINT; } continue; case BUILD_PERMITTED_NAME_CONSTRAINTS: diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c index 62fe0185d..e29015981 100644 --- a/src/pki/commands/issue.c +++ b/src/pki/commands/issue.c @@ -59,7 +59,7 @@ static int issue() identification_t *id = NULL, *crl_issuer = NULL;; linked_list_t *san, *cdps, *ocsp, *permitted, *excluded, *policies, *mappings; int lifetime = 1095; - int pathlen = X509_NO_PATH_LEN_CONSTRAINT; + int pathlen = X509_NO_CONSTRAINT; chunk_t serial = chunk_empty; chunk_t encoding = chunk_empty; time_t not_before, not_after; diff --git a/src/pki/commands/print.c b/src/pki/commands/print.c index 23fb644e1..dd17a0ab8 100644 --- a/src/pki/commands/print.c +++ b/src/pki/commands/print.c @@ -176,7 +176,7 @@ static void print_x509(x509_t *x509) enumerator->destroy(enumerator); len = x509->get_pathLenConstraint(x509); - if (len != X509_NO_PATH_LEN_CONSTRAINT) + if (len != X509_NO_CONSTRAINT) { printf("pathlen: %d\n", len); } diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c index 134231dca..72ade4946 100644 --- a/src/pki/commands/self.c +++ b/src/pki/commands/self.c @@ -56,7 +56,7 @@ static int self() identification_t *id = NULL; linked_list_t *san, *ocsp, *permitted, *excluded, *policies, *mappings; int lifetime = 1095; - int pathlen = X509_NO_PATH_LEN_CONSTRAINT; + int pathlen = X509_NO_CONSTRAINT; chunk_t serial = chunk_empty; chunk_t encoding = chunk_empty; time_t not_before, not_after; diff --git a/src/pluto/ocsp.c b/src/pluto/ocsp.c index 8a351be6d..85cc5e0f2 100644 --- a/src/pluto/ocsp.c +++ b/src/pluto/ocsp.c @@ -1046,7 +1046,7 @@ static bool valid_ocsp_response(response_t *res) /* check path length constraint */ pathlen_constraint = x509->get_pathLenConstraint(x509); - if (pathlen_constraint != X509_NO_PATH_LEN_CONSTRAINT && + if (pathlen_constraint != X509_NO_CONSTRAINT && pathlen > pathlen_constraint) { plog("path length of %d violates constraint of %d", diff --git a/src/pluto/x509.c b/src/pluto/x509.c index d717beb15..d821c9b79 100644 --- a/src/pluto/x509.c +++ b/src/pluto/x509.c @@ -256,7 +256,7 @@ bool verify_x509cert(cert_t *cert, bool strict, time_t *until) /* check path length constraint */ pathlen_constraint = x509->get_pathLenConstraint(x509); - if (pathlen_constraint != X509_NO_PATH_LEN_CONSTRAINT && + if (pathlen_constraint != X509_NO_CONSTRAINT && pathlen > pathlen_constraint) { plog("path length of %d violates constraint of %d", @@ -451,7 +451,7 @@ void list_x509cert_chain(const char *caption, cert_t* cert, /* list optional pathLenConstraint */ pathlen = x509->get_pathLenConstraint(x509); - if (pathlen != X509_NO_PATH_LEN_CONSTRAINT) + if (pathlen != X509_NO_CONSTRAINT) { whack_log(RC_COMMENT, " pathlen: %d", pathlen); } |