-rw-r--r--src/libstrongswan/plugins/x509/x509_crl.c22
1 files changed, 12 insertions, 10 deletions
diff --git a/src/libstrongswan/plugins/x509/x509_crl.c b/src/libstrongswan/plugins/x509/x509_crl.c
index d171ec2c4..1f3f60daa 100644
--- a/src/libstrongswan/plugins/x509/x509_crl.c
+++ b/src/libstrongswan/plugins/x509/x509_crl.c
@@ -462,17 +462,26 @@ METHOD(certificate_t, issued_by, bool,
return FALSE;
}
- /* get the public key of the issuer */
+ scheme = signature_scheme_from_oid(this->algorithm);
+ if (scheme == SIGN_UNKNOWN)
+ {
+ return FALSE;
+ }
key = issuer->get_public_key(issuer);
+ if (!key)
+ {
+ return FALSE;
+ }
/* compare keyIdentifiers if available, otherwise use DNs */
- if (this->authKeyIdentifier.ptr && key)
+ if (this->authKeyIdentifier.ptr)
{
chunk_t fingerprint;
if (!key->get_fingerprint(key, KEYID_PUBKEY_SHA1, &fingerprint) ||
!chunk_equals(fingerprint, this->authKeyIdentifier))
{
+ key->destroy(key);
return FALSE;
}
}
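Review bot: The `key->destroy(key); return FALSE;` pair is now repeated in the keyIdentifier mismatch branch here and in the DN mismatch branch of the next hunk, so any check added later between `get_public_key()` and `verify()` can reintroduce the leak this change fixes. A single exit would be less fragile: start with `valid = FALSE` and have both branches `goto` a label placed immediately before the existing `key->destroy(key);` that precedes the `schemep` test. If the early returns stay, a comment at the fetch such as `/* key is a new reference; every return below must destroy it */` would record the ownership rule for the next editor of this signature check. The declaration of `valid` and the end of `issued_by` are outside the hunk, so the initial value needs to be confirmed there.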
@@ -480,17 +489,10 @@ METHOD(certificate_t, issued_by, bool,
{
if (!this->issuer->equals(this->issuer, issuer->get_subject(issuer)))
{
+ key->destroy(key);
return FALSE;
}
}
-
- /* determine signature scheme */
- scheme = signature_scheme_from_oid(this->algorithm);
-
- if (scheme == SIGN_UNKNOWN || key == NULL)
- {
- return FALSE;
- }
valid = key->verify(key, scheme, this->tbsCertList, this->signature);
key->destroy(key);
if (valid && schemep)