Diffstat (limited to 'src/charon')
-rw-r--r-- | src/charon/config/credentials/local_credential_store.c | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/src/charon/config/credentials/local_credential_store.c b/src/charon/config/credentials/local_credential_store.c
index 09eac6aaa..1034cecd1 100644
--- a/src/charon/config/credentials/local_credential_store.c
+++ b/src/charon/config/credentials/local_credential_store.c
@@ -263,11 +263,22 @@ static void load_ca_certificates(private_local_credential_store_t *this, const c
 cert = x509_create_from_file(file, "ca certificate");
 if (cert)
 {
- this->ca_certs->insert_last(this->ca_certs, (void*)cert);
- }
- else
- {
- this->logger->log(this->logger, ERROR, "certificate \"%s\" invalid, skipped", file);
+ err_t ugh = cert->is_valid(cert, NULL);
+
+ if (ugh != NULL)
+ {
+ this->logger->log(this->logger, ERROR, "warning: ca certificate %s", ugh);
+ }
+ if (cert->is_ca(cert))
+ {
+ this->ca_certs->insert_last(this->ca_certs, (void*)cert);
+ }
+ else
+ {
+ this->logger->log(this->logger, ERROR,
+ " CA basic constraints flag not set, cert discarded");
+ cert->destroy(cert);
+ }
 }
 }
 }
|
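Review bot: A CA certificate that fails `is_valid()` is only logged and is still inserted into `this->ca_certs`, because the `ugh != NULL` branch does not skip the `is_ca()` path that follows it. If validity is not re-checked wherever chains are verified against this list (not visible in this hunk), an expired or not-yet-valid CA remains a trust anchor; either call `cert->destroy(cert)` and skip the insert in that branch, or state the intent with a comment such as `/* expired CAs are loaded on purpose; validity is enforced at chain verification */`. Neither new message names the file, and the removed `else` was the only report at this level when `x509_create_from_file()` returns NULL, so I would log `"ca certificate \"%s\": %s", file, ugh` and include `file` in the basic-constraints message as well. `load_ca_certificates` begins and ends outside the hunk.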