-rw-r--r-- | src/pluto/ca.c | 19 | ||||
-rw-r--r-- | src/pluto/ca.h | 2 | ||||
-rw-r--r-- | src/pluto/smartcard.c | 6 |
3 files changed, 13 insertions, 14 deletions
diff --git a/src/pluto/ca.c b/src/pluto/ca.c
index d1be22e2f..878cf86c8 100644
--- a/src/pluto/ca.c
+++ b/src/pluto/ca.c
@@ -197,7 +197,7 @@ get_authcert(chunk_t subject, chunk_t serial, chunk_t keyid, u_char auth_flags)
 /*
 * add an authority certificate to the chained list
 */
-bool
+x509cert_t*
 add_authcert(x509cert_t *cert, u_char auth_flags)
 {
 x509cert_t *old_cert;
@@ -222,7 +222,7 @@ add_authcert(x509cert_t *cert, u_char auth_flags)
 unlock_authcert_list("add_authcert");
 free_x509cert(cert);
- return FALSE;
+ return old_cert;
 }
 else
 {
@@ -242,7 +242,7 @@ add_authcert(x509cert_t *cert, u_char auth_flags)
 DBG_log(" authcert inserted")
 )
 unlock_authcert_list("add_authcert");
- return TRUE;
+ return cert;
 }
 /*
@@ -623,15 +623,12 @@ add_ca_info(const whack_message_t *msg)
 unlock_ca_info_list("add_ca_info");
 /* add cacert to list of authcerts */
- if (!cached_cert)
+ if (!cached_cert && sc != NULL)
 {
- if (add_authcert(cacert, AUTH_CA) && sc != NULL)
- {
- if (sc->last_cert.type == CERT_X509_SIGNATURE)
- sc->last_cert.u.x509->count--;
- sc->last_cert = cert;
- share_cert(sc->last_cert);
- }
+ if (sc->last_cert.type == CERT_X509_SIGNATURE)
+ sc->last_cert.u.x509->count--;
+ sc->last_cert.u.x509 = add_authcert(cacert, AUTH_CA);
+ share_cert(sc->last_cert);
 }
 if (sc != NULL)
 time(&sc->last_load);
diff --git a/src/pluto/ca.h b/src/pluto/ca.h
index 8d4602dc6..eaeede8f1 100644
--- a/src/pluto/ca.h
+++ b/src/pluto/ca.h
@@ -54,7 +54,7 @@ extern x509cert_t* get_authcert(chunk_t subject, chunk_t serial, chunk_t keyid
 , u_char auth_flags);
 extern void load_authcerts(const char *type, const char *path
 , u_char auth_flags);
-extern bool add_authcert(x509cert_t *cert, u_char auth_flags);
+extern x509cert_t* add_authcert(x509cert_t *cert, u_char auth_flags);
 extern void free_authcerts(void);
 extern void list_authcerts(const char *caption, u_char auth_flags, bool utc);
 extern bool trust_authcert_candidate(const x509cert_t *cert
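Review bot: The header comment above `add_authcert` still says only "add an authority certificate to the chained list", so the new `x509cert_t*` return value is undocumented. Going by the two return hunks, the function frees the passed `cert` and returns `old_cert` when an entry is apparently already present, and returns `cert` itself after insertion, which means callers must not touch their argument after the call. I would extend the comment with `returns the list entry to use; the cert passed in is freed if a duplicate is already present`. Most of add_authcert's body lies outside these hunks, so the duplicate test itself is not visible here.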
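Review bot: `return old_cert;` (and likewise `return cert;` in the @@ -242 hunk) hands the caller a pointer to an authcert list entry after `unlock_authcert_list("add_authcert")` has already run, and the callers changed in this commit take their reference with `share_cert` only afterwards. If another thread can release or replace authcert entries in that window (not visible in these hunks), the pointer could be stale by the time its count is raised. Taking the reference while the list is still locked, or stating in the function comment that the result is only valid until the next modification of the authcert list, would close or at least document that gap.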
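Review bot: With the condition changed to `if (!cached_cert && sc != NULL)`, `add_authcert(cacert, AUTH_CA)` is no longer reached when `sc` is NULL, so a CA certificate that is not tied to a smartcard appears never to enter the authcert list and `cacert` is not released in this hunk either; the old code called add_authcert for every non-cached cert. I would keep `if (!cached_cert)`, call `cacert = add_authcert(cacert, AUTH_CA);` first, and put only the `sc->last_cert` bookkeeping under `if (sc != NULL)`. Separately, the old `sc->last_cert = cert;` set the type together with the pointer, while the new line writes only `.u.x509`, so `sc->last_cert.type` keeps its previous value; whether `share_cert` and the later `count--` depend on that type is not visible here. add_ca_info begins and ends outside the hunk.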
diff --git a/src/pluto/smartcard.c b/src/pluto/smartcard.c
index 067d0f046..1261d6dd4 100644
--- a/src/pluto/smartcard.c
+++ b/src/pluto/smartcard.c
@@ -593,11 +593,13 @@ scx_find_cert_objects(CK_SLOT_ID slot, CK_SESSION_HANDLE session)
 /* put end entity and ca certificates into different chains */
 if (cert->isCA)
- add_authcert(cert, AUTH_CA);
+ {
+ sc->last_cert.u.x509 = add_authcert(cert, AUTH_CA);
+ }
 else
 {
 add_x509_public_key(cert, valid_until, DAL_LOCAL);
- sc->last_cert.u.x509 = add_x509cert(cert);
+ sc->last_cert.u.x509 = add_x509cert(cert);
 }
 share_cert(sc->last_cert); |
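Review bot: After `sc->last_cert.u.x509 = add_authcert(cert, AUTH_CA);` the local `cert` may already have been freed, because the ca.c hunk at -222 shows add_authcert calling `free_x509cert(cert)` and returning the existing entry instead. Nothing inside this hunk reads `cert` afterwards, but scx_find_cert_objects continues outside it, so any later use of `cert` there would touch freed memory. A comment inside the new braces such as `/* cert may have been freed by add_authcert(); use sc->last_cert.u.x509 from here on */` would make the ownership rule explicit. Unlike add_ca_info, this path shows no `count--` on a previous `sc->last_cert` before it is overwritten; that is fine only if `sc` is fresh at this point, which the hunk does not show.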