Add missing AUTH_RULE for trusted self-signed peer certificates

author: Martin Willi <martin@revosec.ch> 2011-02-01 09:24:42 +0100
committer: Martin Willi <martin@revosec.ch> 2011-02-01 09:25:10 +0100
commit: a846bf06e8a327387047e3cbcb6993010f45426c (patch)
tree: 1ef9b6f4221670a4d08d5a57c8f03b03aa29c0e4 /src/libstrongswan/credentials/credential_manager.c
parent: f808aa2c44d2258d7980db6a61351b947e14d47b (diff)
download: strongswan-a846bf06e8a327387047e3cbcb6993010f45426c.tar.bz2
strongswan-a846bf06e8a327387047e3cbcb6993010f45426c.tar.xz
1 files changed, 5 insertions, 0 deletions
diff --git a/src/libstrongswan/credentials/credential_manager.c b/src/libstrongswan/credentials/credential_manager.c
index 91ed3cfb4..27b97eab3 100644
--- a/src/libstrongswan/credentials/credential_manager.c
+++ b/src/libstrongswan/credentials/credential_manager.c
@@ -716,6 +716,11 @@ METHOD(enumerator_t, trusted_enumerate, bool,
 				DBG1(DBG_CFG, "  using trusted certificate \"%Y\"",
 					 this->pretrusted->get_subject(this->pretrusted));
 				*cert = this->pretrusted;
+				if (!this->auth->get(this->auth, AUTH_RULE_SUBJECT_CERT))
+				{	/* add cert to auth info, if not returned by trustchain */
+					this->auth->add(this->auth, AUTH_RULE_SUBJECT_CERT,
+									this->pretrusted->get_ref(this->pretrusted));
+				}
 				if (auth)
 				{
 					*auth = this->auth;
author	Martin Willi <martin@revosec.ch>	2011-02-01 09:24:42 +0100
committer	Martin Willi <martin@revosec.ch>	2011-02-01 09:25:10 +0100
commit	a846bf06e8a327387047e3cbcb6993010f45426c (patch)
tree	1ef9b6f4221670a4d08d5a57c8f03b03aa29c0e4 /src/libstrongswan/credentials/credential_manager.c
parent	f808aa2c44d2258d7980db6a61351b947e14d47b (diff)
download	strongswan-a846bf06e8a327387047e3cbcb6993010f45426c.tar.bz2 strongswan-a846bf06e8a327387047e3cbcb6993010f45426c.tar.xz