author | Martin Willi <martin@revosec.ch> | 2013-07-09 14:28:10 +0200 |
committer | Martin Willi <martin@revosec.ch> | 2013-07-18 16:00:30 +0200 |
commit | 868abd0626881fb5bd952d89f190d827596feb46 (patch) | |
tree | 16d9ea27dd743ab5c823a8507e6e803fc3988d78 /src | |
parent | 58750670cf03b7e492f769cc8eff8b8bcf2f1572 (diff) | |
download | strongswan-868abd0626881fb5bd952d89f190d827596feb46.tar.bz2 strongswan-868abd0626881fb5bd952d89f190d827596feb46.tar.xz |
error-notify: catch and forward some alerts related to certificate validation
Diffstat (limited to 'src')
-rw-r--r-- | src/libcharon/plugins/error_notify/error_notify_listener.c | 22 | ||||
-rw-r--r-- | src/libcharon/plugins/error_notify/error_notify_msg.h | 3 |
2 files changed, 25 insertions, 0 deletions
diff --git a/src/libcharon/plugins/error_notify/error_notify_listener.c b/src/libcharon/plugins/error_notify/error_notify_listener.c
index a985cc480..13860fe50 100644
--- a/src/libcharon/plugins/error_notify/error_notify_listener.c
+++ b/src/libcharon/plugins/error_notify/error_notify_listener.c
@@ -45,6 +45,8 @@ METHOD(listener_t, alert, bool,
 identification_t *id;
 linked_list_t *list, *list2;
 peer_cfg_t *peer_cfg;
+ certificate_t *cert;
+ time_t not_before, not_after;
 
 if (!this->socket->has_listeners(this->socket))
 {
@@ -147,6 +149,26 @@ METHOD(listener_t, alert, bool,
 snprintf(msg.str, sizeof(msg.str), "an authorization plugin "
 "prevented establishment of an IKE_SA");
 break;
+ case ALERT_CERT_EXPIRED:
+ msg.type = htonl(ERROR_NOTIFY_CERT_EXPIRED);
+ cert = va_arg(args, certificate_t*);
+ cert->get_validity(cert, NULL, ¬_before, ¬_after);
+ snprintf(msg.str, sizeof(msg.str), "certificiate expired: '%Y' "
+ "(valid from %T to %T)", cert->get_subject(cert),
+ ¬_before, TRUE, ¬_after, TRUE);
+ break;
+ case ALERT_CERT_REVOKED:
+ msg.type = htonl(ERROR_NOTIFY_CERT_REVOKED);
+ cert = va_arg(args, certificate_t*);
+ snprintf(msg.str, sizeof(msg.str), "certificiate revoked: '%Y'",
+ cert->get_subject(cert));
+ break;
+ case ALERT_CERT_NO_ISSUER:
+ msg.type = htonl(ERROR_NOTIFY_NO_ISSUER_CERT);
+ cert = va_arg(args, certificate_t*);
+ snprintf(msg.str, sizeof(msg.str), "no trusted issuer certificate "
+ "found: '%Y'", cert->get_issuer(cert));
+ break;
 default:
 return TRUE;
 }
diff --git a/src/libcharon/plugins/error_notify/error_notify_msg.h b/src/libcharon/plugins/error_notify/error_notify_msg.h
index 759d620c6..c66080276 100644
--- a/src/libcharon/plugins/error_notify/error_notify_msg.h
+++ b/src/libcharon/plugins/error_notify/error_notify_msg.h
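Review bot: Both new user-visible strings misspell "certificate" — `"certificiate expired: '%Y' "` in the ALERT_CERT_EXPIRED case and `"certificiate revoked: '%Y'"` in the ALERT_CERT_REVOKED case; since msg.str is exactly what error-notify clients receive, this is worth fixing before a client starts matching on it: `"certificate expired: '%Y' "` and `"certificate revoked: '%Y'"`. All three new cases dereference the certificate_t pulled from va_arg without a NULL check, so if any raiser of these alerts can pass a NULL certificate the daemon would crash here; either confirm that contract or guard with `if (!cert) return TRUE;`, mirroring what the default branch does for unhandled alerts. The "expired" wording is presumably also what a not-yet-valid certificate (not_before in the future) produces if ALERT_CERT_EXPIRED covers that case; the printed validity window lets a reader tell, but "certificate not valid" would be more accurate if so. The `¬_before`/`¬_after` shown on this page look like an HTML-entity rendering of `&not_before`/`&not_after` rather than the committed source. The enclosing alert method begins and ends outside this hunk.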
@@ -45,6 +45,9 @@ enum {
 ERROR_NOTIFY_UNIQUE_KEEP = 14,
 ERROR_NOTIFY_VIP_FAILURE = 15,
 ERROR_NOTIFY_AUTHORIZATION_FAILED = 16,
+ ERROR_NOTIFY_CERT_EXPIRED = 17,
+ ERROR_NOTIFY_CERT_REVOKED = 18,
+ ERROR_NOTIFY_NO_ISSUER_CERT = 19,
 };
 
 /**