authorAndreas Steffen <andreas.steffen@strongswan.org>2007-05-25 08:21:27 +0000
committerAndreas Steffen <andreas.steffen@strongswan.org>2007-05-25 08:21:27 +0000
commit13b872ebd211fc72b3174281ec95984b182396c3 (patch)
treea1ca9025b72a341f936c69bc50e3b50ebdb78d36 /src
parentf2566a3bac180a79b1ba06c96ef32e72d0f802e6 (diff)
set certinfo status to CERT_UNKNOWN before crl and|or ocsp verification
Diffstat (limited to 'src')
-rw-r--r--src/charon/config/credentials/local_credential_store.c10
1 files changed, 7 insertions, 3 deletions
diff --git a/src/charon/config/credentials/local_credential_store.c b/src/charon/config/credentials/local_credential_store.c
index 48fb1c80c..af5a0213b 100644
--- a/src/charon/config/credentials/local_credential_store.c
+++ b/src/charon/config/credentials/local_credential_store.c
@@ -301,7 +301,7 @@ static rsa_public_key_t *get_rsa_public_key(private_local_credential_store_t *th
/**
* Implementation of credential_store_t.get_issuer.
*/
-static ca_info_t* get_issuer(private_local_credential_store_t *this, const x509_t *cert)
+static ca_info_t* get_issuer(private_local_credential_store_t *this, x509_t *cert)
{
ca_info_t *found = cert->get_ca_info(cert);
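Review bot: Dropping `const` from `get_issuer`'s `cert` parameter only stays type-consistent if the `get_issuer` member declared in the `credential_store_t` interface header was changed in step, and this commit's diffstat lists only local_credential_store.c. The assignment in `local_credential_store_create` (the `@@ -1458` hunk) goes through an explicit function-pointer cast, `(ca_info_t* (*) (credential_store_t*,x509_t*))get_issuer`, so please confirm the header now declares `x509_t*` as well; if it still says `const x509_t*`, the cast type and the member type disagree. A short comment on `get_issuer` noting that `cert->get_ca_info(cert)` needs a non-const object would explain why the qualifier was removed. The body of `get_issuer` continues outside this hunk.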
@@ -548,7 +548,7 @@ static bool verify(private_local_credential_store_t *this, x509_t *cert, bool *f
x509_t *end_cert = cert;
x509_t *cert_copy = find_certificate(this->certs, end_cert);
- DBG2(DBG_CFG, "verifying end entity certificate:");
+ DBG1(DBG_CFG, "verifying end entity certificate up to trust anchor:");
*found = (cert_copy != NULL);
if (*found)
@@ -618,6 +618,8 @@ static bool verify(private_local_credential_store_t *this, x509_t *cert, bool *f
cert_status_t status;
certinfo_t *certinfo = certinfo_create(cert->get_serialNumber(cert));
+ certinfo->set_status(certinfo, CERT_UNKNOWN);
+
if (pathlen == 0)
{
/* add any crl and ocsp uris contained in the certificate under test */
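Review bot: The added `certinfo->set_status(certinfo, CERT_UNKNOWN);` has no comment saying why the status that `certinfo_create()` assigns is overridden, and that reason is the security-relevant part of the change. Presumably the intent is that a certificate for which neither a CRL nor an OCSP response yields a result ends up as "unknown" rather than with the constructor's initial value. Stating that protects the line from being removed as redundant, for example `/* start from CERT_UNKNOWN so that a missing crl/ocsp result is never mistaken for a checked status */`. `certinfo_create()` is not visible here; if other callers feed its result into a revocation decision, it is worth checking whether they need the same initial status. The rest of the loop body in `verify`, including the code that reads the status back, lies outside this hunk.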
@@ -725,6 +727,8 @@ static status_t verify_signature(private_local_credential_store_t *this,
status_t sig_status;
x509_t *cert;
+ DBG1(DBG_CFG, "verifying RSA signature:");
+
/* default return values in case of failure */
sig_status = NOT_FOUND;
*issuer_p = NULL;
@@ -1458,7 +1462,7 @@ local_credential_store_t * local_credential_store_create(void)
this->public.credential_store.get_certificate = (x509_t* (*) (credential_store_t*,identification_t*))get_certificate;
this->public.credential_store.get_auth_certificate = (x509_t* (*) (credential_store_t*,u_int,identification_t*))get_auth_certificate;
this->public.credential_store.get_ca_certificate_by_keyid = (x509_t* (*) (credential_store_t*,chunk_t))get_ca_certificate_by_keyid;
- this->public.credential_store.get_issuer = (ca_info_t* (*) (credential_store_t*,const x509_t*))get_issuer;
+ this->public.credential_store.get_issuer = (ca_info_t* (*) (credential_store_t*,x509_t*))get_issuer;
this->public.credential_store.is_trusted = (bool (*) (credential_store_t*,x509_t*))is_trusted;
this->public.credential_store.verify_signature = (status_t (*) (credential_store_t*,chunk_t,chunk_t,identification_t*,ca_info_t**))verify_signature;
this->public.credential_store.verify = (bool (*) (credential_store_t*,x509_t*,bool*))verify;