author | Martin Willi <martin@revosec.ch> | 2013-01-18 11:25:17 +0100 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2013-01-18 11:59:27 +0100 |
commit | 51dbcf649712f8cabe28a5628facb4741e101dc8 (patch) | |
tree | 5893a92fd632e8ea19af68685ca49d30722b0fbf /src | |
parent | 11a7abf5546e139552dcb90c5940860c9b2242e9 (diff) | |
After merging the used trustchain with config, move used certificate to front
Diffstat (limited to 'src')
-rw-r--r-- | src/libstrongswan/credentials/credential_manager.c | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/src/libstrongswan/credentials/credential_manager.c b/src/libstrongswan/credentials/credential_manager.c
index 4bd2403f2..bb88fa88e 100644
--- a/src/libstrongswan/credentials/credential_manager.c
+++ b/src/libstrongswan/credentials/credential_manager.c
@@ -1041,6 +1041,29 @@ static private_key_t *get_private_by_cert(private_credential_manager_t *this,
 return private;
 }
+/**
+ * Move the actually used certificate to front, so it gets returned with get()
+ */
+static void prefer_cert(auth_cfg_t *auth, certificate_t *cert)
+{
+ enumerator_t *enumerator;
+ auth_rule_t rule;
+ certificate_t *current;
+
+ enumerator = auth->create_enumerator(auth);
+ while (enumerator->enumerate(enumerator, &rule, ¤t))
+ {
+ if (rule == AUTH_RULE_SUBJECT_CERT)
+ {
+ current->get_ref(current);
+ auth->replace(auth, enumerator, AUTH_RULE_SUBJECT_CERT, cert);
+ cert = current;
+ }
+ }
+ enumerator->destroy(enumerator);
+ auth->add(auth, AUTH_RULE_SUBJECT_CERT, cert);
+}
+
 METHOD(credential_manager_t, get_private, private_key_t*,
 private_credential_manager_t *this, key_type_t type, identification_t *id, auth_cfg_t *auth)
@@ -1076,6 +1099,7 @@ METHOD(credential_manager_t, get_private, private_key_t*,
 if (trustchain)
 {
 auth->merge(auth, trustchain, FALSE);
+ prefer_cert(auth, cert->get_ref(cert));
 trustchain->destroy(trustchain);
 break;
 } |
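Review bot: The doc comment on `prefer_cert()` does not say that the function takes over the caller's reference to `cert`; that is only visible from the call in the second hunk passing `cert->get_ref(cert)` and from the body handing `cert` to `auth->replace()` and `auth->add()` without taking a reference of its own. A later caller that passes a borrowed pointer would leave `auth` holding a certificate it does not own, with a premature release of the object as the likely result. I would add `@param auth auth config to reorder` and `@param cert certificate to move to front, reference gets owned by auth` to the comment. Separately, because `auth->merge()` runs just before the call, the used certificate is presumably already among the AUTH_RULE_SUBJECT_CERT entries, so the shift may leave it listed twice; it is worth confirming that code enumerating subject certificates tolerates the duplicate. The body of `get_private` starts and ends outside the second hunk, so how `cert` is obtained there is not visible here.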