diff options
| author | Martin Willi <martin@revosec.ch> | 2010-12-22 10:34:58 +0100 |
|---|---|---|
| committer | Martin Willi <martin@revosec.ch> | 2011-01-05 16:46:04 +0100 |
| commit | 09e319d419a34cacc98420c1585e131362127574 (patch) | |
| tree | 5fb711af171df5d8ca3698be8a5b2ea4c193a9f6 /src/libstrongswan/plugins/revocation | |
| parent | 98ef286580bbd27bfd62b857098ee8c5d8acb2dc (diff) | |
| download | strongswan-09e319d419a34cacc98420c1585e131362127574.tar.bz2 strongswan-09e319d419a34cacc98420c1585e131362127574.tar.xz | |
Always pass auth info to validate(), use pathlen to check for user certificate
Diffstat (limited to 'src/libstrongswan/plugins/revocation')
| -rw-r--r-- | src/libstrongswan/plugins/revocation/revocation_validator.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/libstrongswan/plugins/revocation/revocation_validator.c b/src/libstrongswan/plugins/revocation/revocation_validator.c index c9a60934b..0fe97225f 100644 --- a/src/libstrongswan/plugins/revocation/revocation_validator.c +++ b/src/libstrongswan/plugins/revocation/revocation_validator.c @@ -576,7 +576,8 @@ METHOD(cert_validator_t, validate, bool, { DBG1(DBG_CFG, "checking certificate status of \"%Y\"", subject->get_subject(subject)); - switch (check_ocsp((x509_t*)subject, (x509_t*)issuer, auth)) + switch (check_ocsp((x509_t*)subject, (x509_t*)issuer, + pathlen ? NULL : auth)) { case VALIDATION_GOOD: DBG1(DBG_CFG, "certificate status is good"); @@ -594,7 +595,8 @@ METHOD(cert_validator_t, validate, bool, DBG1(DBG_CFG, "ocsp check failed, fallback to crl"); break; } - switch (check_crl((x509_t*)subject, (x509_t*)issuer, auth)) + switch (check_crl((x509_t*)subject, (x509_t*)issuer, + pathlen ? NULL : auth)) { case VALIDATION_GOOD: DBG1(DBG_CFG, "certificate status is good"); |