diff options
| -rwxr-xr-x | src/charon/config/credentials/credential_store.h | 5 | ||||
| -rw-r--r-- | src/charon/config/credentials/local_credential_store.c | 11 | ||||
| -rw-r--r-- | src/charon/encoding/payloads/certreq_payload.c | 2 | ||||
| -rwxr-xr-x | src/libstrongswan/crypto/x509.c | 6 |
4 files changed, 13 insertions, 11 deletions
diff --git a/src/charon/config/credentials/credential_store.h b/src/charon/config/credentials/credential_store.h index 6da0047c6..9c10f95c4 100755 --- a/src/charon/config/credentials/credential_store.h +++ b/src/charon/config/credentials/credential_store.h @@ -108,13 +108,14 @@ struct credential_store_t { x509_t* (*get_certificate) (credential_store_t *this, identification_t *id); /** - * @brief Returns the ca certificate of a specific subject distinguished name. + * @brief Returns the auth certificate of a specific subject distinguished name. * * @param this calling object + * @param auth_flags set of allowed authority types * @param id identification_t object identifiying the cacert. * @return certificate, or NULL if not found */ - x509_t* (*get_ca_certificate) (credential_store_t *this, identification_t *id); + x509_t* (*get_auth_certificate) (credential_store_t *this, u_int auth_flags, identification_t *id); /** * @brief Returns the ca certificate of a specific keyID. diff --git a/src/charon/config/credentials/local_credential_store.c b/src/charon/config/credentials/local_credential_store.c index df47723eb..97146d4eb 100644 --- a/src/charon/config/credentials/local_credential_store.c +++ b/src/charon/config/credentials/local_credential_store.c @@ -356,10 +356,11 @@ static bool has_rsa_private_key(private_local_credential_store_t *this, rsa_publ } /** - * Implementation of credential_store_t.get_ca_certificate. + * Implementation of credential_store_t.get_auth_certificate. */ -static x509_t* get_ca_certificate(private_local_credential_store_t *this, - identification_t *id) +static x509_t* get_auth_certificate(private_local_credential_store_t *this, + u_int auth_flags, + identification_t *id) { x509_t *found = NULL; x509_t *current_cert; @@ -368,7 +369,7 @@ static x509_t* get_ca_certificate(private_local_credential_store_t *this, while (iterator->iterate(iterator, (void**)¤t_cert)) { - if (current_cert->has_authority_flag(current_cert, AUTH_CA) + if (current_cert->has_authority_flag(current_cert, auth_flags) && id->equals(id, current_cert->get_subject(current_cert))) { found = current_cert; @@ -1229,7 +1230,7 @@ local_credential_store_t * local_credential_store_create(bool strict) this->public.credential_store.has_rsa_private_key = (bool (*) (credential_store_t*,rsa_public_key_t*))has_rsa_private_key; this->public.credential_store.get_trusted_public_key = (rsa_public_key_t*(*)(credential_store_t*,identification_t*))get_trusted_public_key; this->public.credential_store.get_certificate = (x509_t* (*) (credential_store_t*,identification_t*))get_certificate; - this->public.credential_store.get_ca_certificate = (x509_t* (*) (credential_store_t*,identification_t*))get_ca_certificate; + this->public.credential_store.get_auth_certificate = (x509_t* (*) (credential_store_t*,u_int,identification_t*))get_auth_certificate; this->public.credential_store.get_ca_certificate_by_keyid = (x509_t* (*) (credential_store_t*,chunk_t))get_ca_certificate_by_keyid; this->public.credential_store.get_issuer = (ca_info_t* (*) (credential_store_t*,const x509_t*))get_issuer; this->public.credential_store.verify = (bool (*) (credential_store_t*,x509_t*,bool*))verify; diff --git a/src/charon/encoding/payloads/certreq_payload.c b/src/charon/encoding/payloads/certreq_payload.c index ea465fd5f..55f04c5b2 100644 --- a/src/charon/encoding/payloads/certreq_payload.c +++ b/src/charon/encoding/payloads/certreq_payload.c @@ -274,7 +274,7 @@ certreq_payload_t *certreq_payload_create_from_cacert(identification_t *id) chunk_t keyid; certreq_payload_t *this; - cacert = charon->credentials->get_ca_certificate(charon->credentials, id); + cacert = charon->credentials->get_auth_certificate(charon->credentials, AUTH_CA, id); if (cacert == NULL) { /* no such CA cert */ diff --git a/src/libstrongswan/crypto/x509.c b/src/libstrongswan/crypto/x509.c index da7c3c780..d544560fb 100755 --- a/src/libstrongswan/crypto/x509.c +++ b/src/libstrongswan/crypto/x509.c @@ -1084,9 +1084,9 @@ static u_int get_authority_flags(private_x509_t *this) /** * Implements x509_t.has_authority_flag */ -static bool has_authority_flag(private_x509_t *this, u_int flag) +static bool has_authority_flag(private_x509_t *this, u_int flags) { - return (this->authority_flags & flag) != AUTH_NONE; + return (this->authority_flags & flags) != AUTH_NONE; } /** @@ -1295,7 +1295,7 @@ x509_t *x509_create_from_chunk(chunk_t chunk, u_int level) this->public.set_status = (void (*) (x509_t*,cert_status_t))set_status; this->public.get_status = (cert_status_t (*) (const x509_t*))get_status; this->public.add_authority_flags = (void (*) (x509_t*,u_int))add_authority_flags; - this->public.get_authority_flags = (u_int (*) (x509_t*,u_int))get_authority_flags; + this->public.get_authority_flags = (u_int (*) (x509_t*))get_authority_flags; this->public.has_authority_flag = (bool (*) (x509_t*,u_int))has_authority_flag; this->public.create_crluri_iterator = (iterator_t* (*) (const x509_t*))create_crluri_iterator; this->public.create_ocspuri_iterator = (iterator_t* (*) (const x509_t*))create_ocspuri_iterator; |