Diffstat (limited to 'src/libstrongswan/plugins/x509/x509_cert.c')
-rw-r--r--src/libstrongswan/plugins/x509/x509_cert.c35
1 files changed, 20 insertions, 15 deletions
diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c
index c3bb4ea5b..526dbe8c6 100644
--- a/src/libstrongswan/plugins/x509/x509_cert.c
+++ b/src/libstrongswan/plugins/x509/x509_cert.c
@@ -174,22 +174,22 @@ struct private_x509_cert_t {
/**
* Path Length Constraint
*/
- char pathLenConstraint;
+ u_char pathLenConstraint;
/**
* requireExplicitPolicy Constraint
*/
- char require_explicit;
+ u_char require_explicit;
/**
* inhibitPolicyMapping Constraint
*/
- char inhibit_mapping;
+ u_char inhibit_mapping;
/**
* inhibitAnyPolicy Constraint
*/
- char inhibit_any;
+ u_char inhibit_any;
/**
* x509 constraints and other flags
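Review bot: The doc comments on the four constraint fields do not say that each `u_char` now holds either a small count or the X509_NO_CONSTRAINT sentinel, and the sentinel's definition is not part of this diff. If that value does not fit in eight bits, the field read back through `get_constraint` (now returning `u_int`) would no longer compare equal to the sentinel, so the definition in the header is worth confirming. I would extend each field comment along the lines of `* Path Length Constraint, 0..127 or X509_NO_CONSTRAINT`. The struct begins and ends outside this hunk.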
@@ -255,14 +255,14 @@ static void policy_mapping_destroy(x509_policy_mapping_t *mapping)
/**
* Parse a length constraint from an unwrapped integer
*/
-static int parse_constraint(chunk_t object)
+static u_int parse_constraint(chunk_t object)
{
switch (object.len)
{
case 0:
return 0;
case 1:
- return object.ptr[0];
+ return (object.ptr[0] & 0x80) ? X509_NO_CONSTRAINT : object.ptr[0];
default:
return X509_NO_CONSTRAINT;
}
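Review bot: In `case 1`, a one-byte INTEGER with the high bit set is a negative value, and returning `X509_NO_CONSTRAINT` for it relaxes the constraint rather than flagging a malformed certificate. For pathLenConstraint and the policy skip counters that is the permissive direction, so a certificate carrying a malformed value ends up treated as unconstrained. The function has no error return and its callers are not visible here, so whether the certificate could be rejected instead is something to check at the call sites. At minimum the doc comment should state the behaviour, e.g. `* Negative values and values above 127 yield X509_NO_CONSTRAINT.` The function's closing brace lies outside the hunk.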
@@ -1723,7 +1723,7 @@ METHOD(x509_t, get_authKeyIdentifier, chunk_t,
return this->authKeyIdentifier;
}
-METHOD(x509_t, get_constraint, int,
+METHOD(x509_t, get_constraint, u_int,
private_x509_cert_t *this, x509_constraint_t type)
{
switch (type)
@@ -2390,6 +2390,7 @@ x509_cert_t *x509_cert_gen(certificate_type_t type, va_list args)
certificate_t *sign_cert = NULL;
private_key_t *sign_key = NULL;
hash_algorithm_t digest_alg = HASH_SHA1;
+ u_int constraint;
cert = create_empty();
while (TRUE)
@@ -2464,11 +2465,9 @@ x509_cert_t *x509_cert_gen(certificate_type_t type, va_list args)
continue;
}
case BUILD_PATHLEN:
- cert->pathLenConstraint = va_arg(args, int);
- if (cert->pathLenConstraint < 0 || cert->pathLenConstraint > 127)
- {
- cert->pathLenConstraint = X509_NO_CONSTRAINT;
- }
+ constraint = va_arg(args, u_int);
+ cert->pathLenConstraint = (constraint < 128) ?
+ constraint : X509_NO_CONSTRAINT;
continue;
case BUILD_PERMITTED_NAME_CONSTRAINTS:
{
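Review bot: The clamp `(constraint < 128) ? constraint : X509_NO_CONSTRAINT` is written out here and three more times in the next hunk (BUILD_POLICY_REQUIRE_EXPLICIT, BUILD_POLICY_INHIBIT_MAPPING, BUILD_POLICY_INHIBIT_ANY), with the bare limit 128 mirroring the `& 0x80` test in `parse_constraint`. A named limit and one small helper would keep parser and builder in step, e.g. `static u_char clamp_constraint(u_int v) { return (v < 128) ? v : X509_NO_CONSTRAINT; }`. The argument is also now read with `va_arg(args, u_int)` where it used to be `int`; a caller still passing a negative `int` to mean "none" will in practice land on the sentinel, but such callers should pass X509_NO_CONSTRAINT explicitly. x509_cert_gen begins and ends outside the hunk.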
@@ -2543,13 +2542,19 @@ x509_cert_t *x509_cert_gen(certificate_type_t type, va_list args)
continue;
}
case BUILD_POLICY_REQUIRE_EXPLICIT:
- cert->require_explicit = va_arg(args, int);
+ constraint = va_arg(args, u_int);
+ cert->require_explicit = (constraint < 128) ?
+ constraint : X509_NO_CONSTRAINT;
continue;
case BUILD_POLICY_INHIBIT_MAPPING:
- cert->inhibit_mapping = va_arg(args, int);
+ constraint = va_arg(args, u_int);
+ cert->inhibit_mapping = (constraint < 128) ?
+ constraint : X509_NO_CONSTRAINT;
continue;
case BUILD_POLICY_INHIBIT_ANY:
- cert->inhibit_any = va_arg(args, int);
+ constraint = va_arg(args, u_int);
+ cert->inhibit_any = (constraint < 128) ?
+ constraint : X509_NO_CONSTRAINT;
continue;
case BUILD_NOT_BEFORE_TIME:
cert->notBefore = va_arg(args, time_t);