aboutsummaryrefslogtreecommitdiffstats
path: root/src/libstrongswan/plugins/constraints
diff options
context:
space:
mode:
authorMartin Willi <martin@revosec.ch>2013-07-09 11:55:32 +0200
committerMartin Willi <martin@revosec.ch>2013-07-18 16:00:30 +0200
commit4d7a762871f52dac5c7bd7808edc94a55dd40e1a (patch)
treea051510dbcf77c3490e3bd4c63c262c889c89073 /src/libstrongswan/plugins/constraints
parentf7cff7fac45e7914dd742d4348be1b17b9e63e0c (diff)
downloadstrongswan-4d7a762871f52dac5c7bd7808edc94a55dd40e1a.tar.bz2
strongswan-4d7a762871f52dac5c7bd7808edc94a55dd40e1a.tar.xz
credmgr: introduce a hook function to catch trust chain validation errors
Diffstat (limited to 'src/libstrongswan/plugins/constraints')
-rw-r--r--src/libstrongswan/plugins/constraints/constraints_validator.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/src/libstrongswan/plugins/constraints/constraints_validator.c b/src/libstrongswan/plugins/constraints/constraints_validator.c
index 83a74299a..62ccc7108 100644
--- a/src/libstrongswan/plugins/constraints/constraints_validator.c
+++ b/src/libstrongswan/plugins/constraints/constraints_validator.c
@@ -533,20 +533,28 @@ METHOD(cert_validator_t, validate, bool,
{
if (!check_pathlen((x509_t*)issuer, pathlen))
{
+ lib->credmgr->call_hook(lib->credmgr, CRED_HOOK_EXCEEDED_PATH_LEN,
+ subject);
return FALSE;
}
if (!check_name_constraints(subject, (x509_t*)issuer))
{
+ lib->credmgr->call_hook(lib->credmgr, CRED_HOOK_POLICY_VIOLATION,
+ subject);
return FALSE;
}
if (!check_policy((x509_t*)subject, (x509_t*)issuer, !pathlen, auth))
{
+ lib->credmgr->call_hook(lib->credmgr, CRED_HOOK_POLICY_VIOLATION,
+ subject);
return FALSE;
}
if (anchor)
{
if (!check_policy_constraints((x509_t*)issuer, pathlen, auth))
{
+ lib->credmgr->call_hook(lib->credmgr,
+ CRED_HOOK_POLICY_VIOLATION, issuer);
return FALSE;
}
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-23 16:34:08 +0000