diff options
Diffstat (limited to 'src/libstrongswan/plugins')
| -rw-r--r-- | src/libstrongswan/plugins/constraints/constraints_validator.c | 2 | ||||
| -rw-r--r-- | src/libstrongswan/plugins/openssl/openssl_x509.c | 2 | ||||
| -rw-r--r-- | src/libstrongswan/plugins/x509/x509_cert.c | 6 |
3 files changed, 5 insertions, 5 deletions
diff --git a/src/libstrongswan/plugins/constraints/constraints_validator.c b/src/libstrongswan/plugins/constraints/constraints_validator.c index bab2535c1..a52f37a1c 100644 --- a/src/libstrongswan/plugins/constraints/constraints_validator.c +++ b/src/libstrongswan/plugins/constraints/constraints_validator.c @@ -39,7 +39,7 @@ static bool check_pathlen(x509_t *issuer, int pathlen) int pathlen_constraint; pathlen_constraint = issuer->get_pathLenConstraint(issuer); - if (pathlen_constraint != X509_NO_PATH_LEN_CONSTRAINT && + if (pathlen_constraint != X509_NO_CONSTRAINT && pathlen > pathlen_constraint) { DBG1(DBG_CFG, "path length of %d violates constraint of %d", diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c index 6ffe08f6e..7b6ac121f 100644 --- a/src/libstrongswan/plugins/openssl/openssl_x509.c +++ b/src/libstrongswan/plugins/openssl/openssl_x509.c @@ -581,7 +581,7 @@ static private_openssl_x509_t *create_empty() .issuerAltNames = linked_list_create(), .crl_uris = linked_list_create(), .ocsp_uris = linked_list_create(), - .pathlen = X509_NO_PATH_LEN_CONSTRAINT, + .pathlen = X509_NO_CONSTRAINT, .ref = 1, ); diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c index f79418382..4f6cdaa4b 100644 --- a/src/libstrongswan/plugins/x509/x509_cert.c +++ b/src/libstrongswan/plugins/x509/x509_cert.c @@ -1800,7 +1800,7 @@ static private_x509_cert_t* create_empty(void) .excluded_names = linked_list_create(), .cert_policies = linked_list_create(), .policy_mappings = linked_list_create(), - .pathLenConstraint = X509_NO_PATH_LEN_CONSTRAINT, + .pathLenConstraint = X509_NO_CONSTRAINT, .ref = 1, ); return this; @@ -1997,7 +1997,7 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, { chunk_t pathLenConstraint = chunk_empty; - if (cert->pathLenConstraint != X509_NO_PATH_LEN_CONSTRAINT) + if (cert->pathLenConstraint != X509_NO_CONSTRAINT) { char pathlen = (char)cert->pathLenConstraint; @@ -2361,7 +2361,7 @@ x509_cert_t *x509_cert_gen(certificate_type_t type, va_list args) cert->pathLenConstraint = va_arg(args, int); if (cert->pathLenConstraint < 0 || cert->pathLenConstraint > 127) { - cert->pathLenConstraint = X509_NO_PATH_LEN_CONSTRAINT; + cert->pathLenConstraint = X509_NO_CONSTRAINT; } continue; case BUILD_PERMITTED_NAME_CONSTRAINTS: |