author | Andreas Steffen <andreas.steffen@strongswan.org> | 2006-06-27 08:48:28 +0000 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2006-06-27 08:48:28 +0000 |
commit | 6f74bfd6ac6e37c6c3796fc55d02635b2851e72b (patch) | |
tree | eafd391f54c49167848b1a04d3df5ebe3083ce3f /src/charon/threads/stroke_interface.c | |
parent | c01d911201b18db6f4ca5e71e0e6584a59658dbc (diff) | |
added X.509 trust chain verification
Diffstat (limited to 'src/charon/threads/stroke_interface.c')
-rwxr-xr-x | src/charon/threads/stroke_interface.c | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/src/charon/threads/stroke_interface.c b/src/charon/threads/stroke_interface.c
index 0bb97ca02..912213b1c 100755
--- a/src/charon/threads/stroke_interface.c
+++ b/src/charon/threads/stroke_interface.c
@@ -136,6 +136,7 @@ static x509_t* load_end_certificate(const char *filename, identification_t **idp
{
identification_t *id = *idp;
identification_t *subject = cert->get_subject(cert);
+ time_t until;
err_t ugh = cert->is_valid(cert, NULL);
@@ -149,6 +150,20 @@ static x509_t* load_end_certificate(const char *filename, identification_t **idp
id = subject;
*idp = id->clone(id);
}
+ /* test output */
+ if (charon->credentials->verify(charon->credentials, cert, &until))
+ {
+ char buf[TIMETOA_BUF];
+
+ timetoa(buf, TIMETOA_BUF, &until, TRUE);
+ logger->log(logger, CONTROL, " end entity certificate is trusted until %s", buf);
+ cert->set_until(cert, until);
+ }
+ else
+ {
+ logger->log(logger, ERROR, " end entity certificate is not trusted");
+ }
+ /* end of test output */
return charon->credentials->add_end_certificate(charon->credentials, cert);
}
return NULL;
@@ -305,7 +320,7 @@ static void stroke_add_conn(private_stroke_t *this, stroke_msg_t *msg)
}
if (msg->add_conn.me.cert)
{
- x509_t *cert = load_end_certificate(msg->add_conn.me.cert, &my_id, this->stroke_logger);
+ x509_t *cert = load_end_certificate(msg->add_conn.me.cert, &my_id, this->logger);
if (my_ca == NULL && !my_ca_same && cert)
{
@@ -316,7 +331,7 @@ static void stroke_add_conn(private_stroke_t *this, stroke_msg_t *msg)
}
if (msg->add_conn.other.cert)
{
- x509_t *cert = load_end_certificate(msg->add_conn.other.cert, &other_id, this->stroke_logger);
+ x509_t *cert = load_end_certificate(msg->add_conn.other.cert, &other_id, this->logger);
if (other_ca == NULL && !other_ca_same && cert)
{ |
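Review bot: The `else` branch of the new `verify()` check in the second hunk logs " end entity certificate is not trusted" at ERROR and then falls through to `add_end_certificate`, so a certificate that failed trust-chain verification is still installed in the credential store and the new result changes nothing about what callers get back. If that is deliberate for now (the `/* test output */` / `/* end of test output */` markers suggest a provisional step), state it in place of those markers, e.g. `/* TODO: trust-chain result is informational only; the cert is added regardless */`; otherwise reject it with `return NULL;` after the ERROR log, after first confirming who owns `cert` at that point and whether it must be destroyed before returning, since that cleanup path is not visible in this hunk. `until` is only written by a successful `verify()` and only read on that path, which is fine as long as nothing later in the function depends on it. `load_end_certificate` begins before this hunk and its remaining lines continue past it.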