author | Martin Willi <martin@revosec.ch> | 2010-08-05 13:13:04 +0200 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2010-08-05 13:13:45 +0200 |
commit | e85bca7f22199b525e9f5daf488077706888a4e8 (patch) | |
tree | f40a3586488e9bfcb00dceb71c830f214b4ce071 | |
parent | 6b717cc28d9e28798561ce3ff248a589035340b7 (diff) | |
Use certificate subject to get a public key of the TLS server
-rw-r--r-- | src/libtls/tls_peer.c | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/src/libtls/tls_peer.c b/src/libtls/tls_peer.c
index ab4d87920..fd0245cc0 100644
--- a/src/libtls/tls_peer.c
+++ b/src/libtls/tls_peer.c
@@ -462,6 +462,7 @@ static status_t send_key_exchange(private_tls_peer_t *this,
 tls_handshake_type_t *type, tls_writer_t *writer)
 {
 public_key_t *public = NULL, *current;
+ certificate_t *cert;
 enumerator_t *enumerator;
 auth_cfg_t *auth;
 rng_t *rng;
@@ -482,15 +483,18 @@ static status_t send_key_exchange(private_tls_peer_t *this,
 chunk_from_thing(this->client_random),
 chunk_from_thing(this->server_random));
- enumerator = lib->credmgr->create_public_enumerator(lib->credmgr,
- KEY_ANY, this->server, this->server_auth);
- while (enumerator->enumerate(enumerator, ¤t, &auth))
+ cert = this->server_auth->get(this->server_auth, AUTH_HELPER_SUBJECT_CERT);
+ if (cert)
 {
- public = current->get_ref(current);
- break;
+ enumerator = lib->credmgr->create_public_enumerator(lib->credmgr,
+ KEY_ANY, cert->get_subject(cert), this->server_auth);
+ while (enumerator->enumerate(enumerator, ¤t, &auth))
+ {
+ public = current->get_ref(current);
+ break;
+ }
+ enumerator->destroy(enumerator);
 }
- enumerator->destroy(enumerator);
-
 if (!public)
 {
 DBG1(DBG_IKE, "no TLS public key found for server '%Y'",
 this->server); |
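Review bot: In the second hunk the server's public key is now selected by the subject of the certificate stored under AUTH_HELPER_SUBJECT_CERT instead of by the configured identity `this->server`, so the binding between the key that will receive the premaster secret and the peer the client expects now rests only on the `this->server_auth` constraints handed to `create_public_enumerator` and on whichever earlier handshake step put that certificate into `server_auth` (not visible here); a short comment such as `/* key is looked up by the subject of the cert received from the server; its match against this->server is enforced via server_auth, not here */` would make that dependency explicit for the next reader. When `cert` is NULL the code falls through to the unchanged "no TLS public key found" message, which hides that the real cause is a missing server certificate; an `else` branch with `DBG1(DBG_IKE, "no TLS server certificate found for '%Y'", this->server);` would make that failure distinguishable in logs. As a point of style, the `while` that unconditionally `break`s after the first match reads more directly as `if (enumerator->enumerate(enumerator, &current, &auth))` with identical behaviour. send_key_exchange begins before the first hunk and continues past the second, and the `¤t` in the enumerate calls is a page-rendering artifact of `&current`.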