Diffstat (limited to 'src/charon')
-rwxr-xr-xsrc/charon/config/credentials/credential_store.h5
-rw-r--r--src/charon/config/credentials/local_credential_store.c11
-rw-r--r--src/charon/encoding/payloads/certreq_payload.c2
3 files changed, 10 insertions, 8 deletions
diff --git a/src/charon/config/credentials/credential_store.h b/src/charon/config/credentials/credential_store.h
index 6da0047c6..9c10f95c4 100755
--- a/src/charon/config/credentials/credential_store.h
+++ b/src/charon/config/credentials/credential_store.h
@@ -108,13 +108,14 @@ struct credential_store_t {
x509_t* (*get_certificate) (credential_store_t *this, identification_t *id);
/**
- * @brief Returns the ca certificate of a specific subject distinguished name.
+ * @brief Returns the auth certificate of a specific subject distinguished name.
*
* @param this calling object
+ * @param auth_flags set of allowed authority types
* @param id identification_t object identifiying the cacert.
* @return certificate, or NULL if not found
*/
- x509_t* (*get_ca_certificate) (credential_store_t *this, identification_t *id);
+ x509_t* (*get_auth_certificate) (credential_store_t *this, u_int auth_flags, identification_t *id);
/**
* @brief Returns the ca certificate of a specific keyID.
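Review bot: The doc comment for `get_auth_certificate` does not say how `auth_flags` is matched. "set of allowed authority types" reads as any-of, but the lookup loop in local_credential_store.c passes the mask unchanged to `has_authority_flag`, whose body is not in this diff, so all-of matching or a zero mask may behave differently from what the comment implies. Because this lookup decides which stored certificate is returned as an authority, the contract should be explicit, for example `@param auth_flags bitmask of authority types such as AUTH_CA; say whether one matching flag suffices and what a mask of 0 returns`. The `@param id` line still reads "identifiying the cacert", which is misspelled and now too narrow; `@param id identification_t object identifying the certificate subject` matches the widened lookup.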
diff --git a/src/charon/config/credentials/local_credential_store.c b/src/charon/config/credentials/local_credential_store.c
index df47723eb..97146d4eb 100644
--- a/src/charon/config/credentials/local_credential_store.c
+++ b/src/charon/config/credentials/local_credential_store.c
@@ -356,10 +356,11 @@ static bool has_rsa_private_key(private_local_credential_store_t *this, rsa_publ
}
/**
- * Implementation of credential_store_t.get_ca_certificate.
+ * Implementation of credential_store_t.get_auth_certificate.
*/
-static x509_t* get_ca_certificate(private_local_credential_store_t *this,
- identification_t *id)
+static x509_t* get_auth_certificate(private_local_credential_store_t *this,
+ u_int auth_flags,
+ identification_t *id)
{
x509_t *found = NULL;
x509_t *current_cert;
@@ -368,7 +369,7 @@ static x509_t* get_ca_certificate(private_local_credential_store_t *this,
while (iterator->iterate(iterator, (void**)&current_cert))
{
- if (current_cert->has_authority_flag(current_cert, AUTH_CA)
+ if (current_cert->has_authority_flag(current_cert, auth_flags)
&& id->equals(id, current_cert->get_subject(current_cert)))
{
found = current_cert;
@@ -1229,7 +1230,7 @@ local_credential_store_t * local_credential_store_create(bool strict)
this->public.credential_store.has_rsa_private_key = (bool (*) (credential_store_t*,rsa_public_key_t*))has_rsa_private_key;
this->public.credential_store.get_trusted_public_key = (rsa_public_key_t*(*)(credential_store_t*,identification_t*))get_trusted_public_key;
this->public.credential_store.get_certificate = (x509_t* (*) (credential_store_t*,identification_t*))get_certificate;
- this->public.credential_store.get_ca_certificate = (x509_t* (*) (credential_store_t*,identification_t*))get_ca_certificate;
+ this->public.credential_store.get_auth_certificate = (x509_t* (*) (credential_store_t*,u_int,identification_t*))get_auth_certificate;
this->public.credential_store.get_ca_certificate_by_keyid = (x509_t* (*) (credential_store_t*,chunk_t))get_ca_certificate_by_keyid;
this->public.credential_store.get_issuer = (ca_info_t* (*) (credential_store_t*,const x509_t*))get_issuer;
this->public.credential_store.verify = (bool (*) (credential_store_t*,x509_t*,bool*))verify;
diff --git a/src/charon/encoding/payloads/certreq_payload.c b/src/charon/encoding/payloads/certreq_payload.c
index ea465fd5f..55f04c5b2 100644
--- a/src/charon/encoding/payloads/certreq_payload.c
+++ b/src/charon/encoding/payloads/certreq_payload.c
@@ -274,7 +274,7 @@ certreq_payload_t *certreq_payload_create_from_cacert(identification_t *id)
chunk_t keyid;
certreq_payload_t *this;
- cacert = charon->credentials->get_ca_certificate(charon->credentials, id);
+ cacert = charon->credentials->get_auth_certificate(charon->credentials, AUTH_CA, id);
if (cacert == NULL)
{
/* no such CA cert */