-rw-r--r--src/libstrongswan/plugins/openssl/openssl_x509.c15
-rw-r--r--src/libstrongswan/plugins/x509/x509_cert.c21
2 files changed, 26 insertions, 10 deletions
diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c
index 4cc935625..aa39bc93d 100644
--- a/src/libstrongswan/plugins/openssl/openssl_x509.c
+++ b/src/libstrongswan/plugins/openssl/openssl_x509.c
@@ -295,10 +295,23 @@ METHOD(certificate_t, has_subject, id_match_t,
identification_t *current;
enumerator_t *enumerator;
id_match_t match, best;
+ chunk_t encoding;
if (subject->get_type(subject) == ID_KEY_ID)
{
- if (chunk_equals(this->hash, subject->get_encoding(subject)))
+ encoding = subject->get_encoding(subject);
+
+ if (chunk_equals(this->hash, encoding))
+ {
+ return ID_MATCH_PERFECT;
+ }
+ if (this->subjectKeyIdentifier.len &&
+ chunk_equals(this->subjectKeyIdentifier, encoding))
+ {
+ return ID_MATCH_PERFECT;
+ }
+ if (this->pubkey &&
+ this->pubkey->has_fingerprint(this->pubkey, encoding))
{
return ID_MATCH_PERFECT;
}
diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c
index 1ddb64f8c..559090aa0 100644
--- a/src/libstrongswan/plugins/x509/x509_cert.c
+++ b/src/libstrongswan/plugins/x509/x509_cert.c
@@ -1099,11 +1099,6 @@ static identification_t* get_issuer(private_x509_cert_t *this)
}
/**
- * Forward declaration
- */
-static chunk_t get_subjectKeyIdentifier(private_x509_cert_t *this);
-
-/**
* Implementation of certificate_t.has_subject.
*/
static id_match_t has_subject(private_x509_cert_t *this, identification_t *subject)
@@ -1111,20 +1106,28 @@ static id_match_t has_subject(private_x509_cert_t *this, identification_t *subje
identification_t *current;
enumerator_t *enumerator;
id_match_t match, best;
+ chunk_t encoding;
if (subject->get_type(subject) == ID_KEY_ID)
{
- chunk_t keyid = subject->get_encoding(subject);
+ encoding = subject->get_encoding(subject);
- if (this->encoding_hash.ptr && chunk_equals(this->encoding_hash, keyid))
+ if (this->encoding_hash.len &&
+ chunk_equals(this->encoding_hash, encoding))
{
return ID_MATCH_PERFECT;
}
- if (chunk_equals(get_subjectKeyIdentifier(this), keyid))
+ if (this->subjectKeyIdentifier.len &&
+ chunk_equals(this->subjectKeyIdentifier, encoding))
{
return ID_MATCH_PERFECT;
}
- }
+ if (this->public_key &&
+ this->public_key->has_fingerprint(this->public_key, encoding))
+ {
+ return ID_MATCH_PERFECT;
+ }
+ }
best = this->subject->matches(this->subject, subject);
enumerator = this->subjectAltNames->create_enumerator(this->subjectAltNames);
while (enumerator->enumerate(enumerator, &current))
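Review bot: Replacing `get_subjectKeyIdentifier(this)` with a direct read of `this->subjectKeyIdentifier` is only equivalent if the getter did nothing but return that field, and its body is not shown here. If it derived an identifier from the public key when the field was empty, the new `has_fingerprint()` check has to cover that same fingerprint type, otherwise key IDs that matched before this change would stop matching. The branch would also benefit from a comment naming the three accepted forms, e.g. `/* ID_KEY_ID may be the certificate hash, the subjectKeyIdentifier or a fingerprint of the public key */`; the same comment fits the equivalent branch in openssl_x509.c. has_subject's body continues past the end of the hunk.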