credmgr: introduce a hook function to catch trust chain validation errors

author: Martin Willi <martin@revosec.ch> 2013-07-09 11:55:32 +0200
committer: Martin Willi <martin@revosec.ch> 2013-07-18 16:00:30 +0200
commit: 4d7a762871f52dac5c7bd7808edc94a55dd40e1a (patch)
tree: a051510dbcf77c3490e3bd4c63c262c889c89073 /src/libcharon/plugins/coupling
parent: f7cff7fac45e7914dd742d4348be1b17b9e63e0c (diff)
download: strongswan-4d7a762871f52dac5c7bd7808edc94a55dd40e1a.tar.bz2
strongswan-4d7a762871f52dac5c7bd7808edc94a55dd40e1a.tar.xz
1 files changed, 4 insertions, 0 deletions
diff --git a/src/libcharon/plugins/coupling/coupling_validator.c b/src/libcharon/plugins/coupling/coupling_validator.c
index 539be7548..5a72531fa 100644
--- a/src/libcharon/plugins/coupling/coupling_validator.c
+++ b/src/libcharon/plugins/coupling/coupling_validator.c
@@ -167,6 +167,8 @@ METHOD(cert_validator_t, validate, bool,
 			{
 				DBG1(DBG_CFG, "coupling new certificate '%Y' failed",
 					 subject->get_subject(subject));
+				lib->credmgr->call_hook(lib->credmgr
+										CRED_HOOK_POLICY_VIOLATION, subject);
 			}
 		}
 		else
@@ -174,6 +176,8 @@ METHOD(cert_validator_t, validate, bool,
 			DBG1(DBG_CFG, "coupling new certificate '%Y' failed, limit of %d "
 				 "couplings reached", subject->get_subject(subject),
 				 this->max_couplings);
+			lib->credmgr->call_hook(lib->credmgr, CRED_HOOK_POLICY_VIOLATION,
+									subject);
 		}
 		this->mutex->unlock(this->mutex);
 	}
author	Martin Willi <martin@revosec.ch>	2013-07-09 11:55:32 +0200
committer	Martin Willi <martin@revosec.ch>	2013-07-18 16:00:30 +0200
commit	4d7a762871f52dac5c7bd7808edc94a55dd40e1a (patch)
tree	a051510dbcf77c3490e3bd4c63c262c889c89073 /src/libcharon/plugins/coupling
parent	f7cff7fac45e7914dd742d4348be1b17b9e63e0c (diff)
download	strongswan-4d7a762871f52dac5c7bd7808edc94a55dd40e1a.tar.bz2 strongswan-4d7a762871f52dac5c7bd7808edc94a55dd40e1a.tar.xz