Diffstat (limited to 'src/libstrongswan')
-rw-r--r--src/libstrongswan/credentials/builder.c1
-rw-r--r--src/libstrongswan/credentials/builder.h4
-rw-r--r--src/libstrongswan/credentials/credential_factory.c7
-rw-r--r--src/libstrongswan/plugins/x509/x509_cert.c34
4 files changed, 31 insertions, 15 deletions
diff --git a/src/libstrongswan/credentials/builder.c b/src/libstrongswan/credentials/builder.c
index c4c3ba176..a2985efba 100644
--- a/src/libstrongswan/credentials/builder.c
+++ b/src/libstrongswan/credentials/builder.c
@@ -27,5 +27,6 @@ ENUM(builder_part_names, BUILD_BLOB_ASN1_DER, BUILD_END,
"BUILD_ISSUER_ALTNAME",
"BUILD_CA_CERT",
"BUILD_CERT",
+ "BUILD_X509_FLAG",
"BUILD_END",
);
diff --git a/src/libstrongswan/credentials/builder.h b/src/libstrongswan/credentials/builder.h
index 14c3d2496..fd1cc69cf 100644
--- a/src/libstrongswan/credentials/builder.h
+++ b/src/libstrongswan/credentials/builder.h
@@ -58,8 +58,10 @@ enum builder_part_t {
BUILD_ISSUER_ALTNAME,
/** a CA certificate, certificate_t* */
BUILD_CA_CERT,
- /** a certificcate, certificate_t* */
+ /** a certificate, certificate_t* */
BUILD_CERT,
+ /** enforce an additional X509 flag, x509_flag_t */
+ BUILD_X509_FLAG,
/** end of variable argument builder list */
BUILD_END,
};
diff --git a/src/libstrongswan/credentials/credential_factory.c b/src/libstrongswan/credentials/credential_factory.c
index ab99a4211..635829386 100644
--- a/src/libstrongswan/credentials/credential_factory.c
+++ b/src/libstrongswan/credentials/credential_factory.c
@@ -20,6 +20,7 @@
#include <debug.h>
#include <utils/linked_list.h>
#include <utils/mutex.h>
+#include <credentials/certificates/x509.h>
typedef struct private_credential_factory_t private_credential_factory_t;
@@ -147,6 +148,9 @@ static void* create(private_credential_factory_t *this, credential_type_t type,
case BUILD_BLOB_ASN1_DER:
builder->add(builder, part, va_arg(args, chunk_t));
continue;
+ case BUILD_X509_FLAG:
+ builder->add(builder, part, va_arg(args, x509_flag_t));
+ continue;
case BUILD_KEY_SIZE:
builder->add(builder, part, va_arg(args, u_int));
continue;
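Review bot: `va_arg(args, x509_flag_t)` on the added line reads the argument with an enumerated type whose compatible integer type is implementation-defined; when the compiler picks a type narrower than int (e.g. with -fshort-enums) this no longer matches the promoted argument and is undefined behaviour, and GCC warns about exactly this case. The portable form is to read the promoted type and convert, `builder->add(builder, part, (x509_flag_t)va_arg(args, int));`, consistent with the neighbouring `va_arg(args, u_int)` for BUILD_KEY_SIZE. The same pattern is used in x509_cert.c's add() in this commit, so both sites should agree on one form. create() starts outside this hunk.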
@@ -164,7 +168,7 @@ static void* create(private_credential_factory_t *this, credential_type_t type,
default:
DBG1("builder part %N not supported by factory",
builder_part_names, part);
- continue;
+ break;
}
break;
}
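Review bot: Changing the default case from `continue` to `break` appears to end the whole argument loop through the `break;` that follows the switch, so once an unsupported part is encountered every later part is silently discarded, whereas before it was skipped and the loop went on. Because the size of the value following an unknown part cannot be known, stopping is arguably the safer choice, but the intent is not visible in the code and the log line still reads as if the part were merely skipped. A comment such as `/* argument width of an unknown part is unknown, stop consuming the va_list */` above the `break;`, and wording the DBG1 as `"builder part %N not supported by factory, ignoring remaining parts"`, would make the new contract explicit. create() starts and ends outside this hunk.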
@@ -219,6 +223,7 @@ static void* create(private_credential_factory_t *this, credential_type_t type,
continue;
}
case BUILD_KEY_SIZE:
+ case BUILD_X509_FLAG:
continue;
default:
DBG1("builder part %N not supported by factory",
diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c
index a044c60a0..e85076d48 100644
--- a/src/libstrongswan/plugins/x509/x509_cert.c
+++ b/src/libstrongswan/plugins/x509/x509_cert.c
@@ -1143,7 +1143,7 @@ static void destroy(private_x509_cert_t *this)
/**
* load x509 certificate from a chunk
*/
-static x509_cert_t *load(chunk_t chunk)
+static private_x509_cert_t *load(chunk_t chunk)
{
private_x509_cert_t *this = malloc_thing(private_x509_cert_t);
@@ -1188,7 +1188,7 @@ static x509_cert_t *load(chunk_t chunk)
{
this->flags |= X509_SELF_SIGNED;
}
- return &this->public;
+ return this;
}
typedef struct private_builder_t private_builder_t;
@@ -1199,7 +1199,9 @@ struct private_builder_t {
/** implements the builder interface */
builder_t public;
/** loaded certificate */
- x509_cert_t *cert;
+ private_x509_cert_t *cert;
+ /** additional flags to enforce */
+ x509_flag_t flags;
};
/**
@@ -1207,10 +1209,12 @@ struct private_builder_t {
*/
static x509_cert_t *build(private_builder_t *this)
{
- x509_cert_t *cert = this->cert;
+ private_x509_cert_t *cert;
+ cert = this->cert;
+ cert->flags |= this->flags;
free(this);
- return cert;
+ return &cert->public;
}
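Review bot: `cert->flags |= this->flags;` dereferences `this->cert` without checking it, and `this->cert` is initialised to NULL in x509_cert_builder() and only set by a BUILD_BLOB_ASN1_DER part, so calling build() on a builder that received only BUILD_X509_FLAG (or nothing) now crashes where the old code returned NULL; if load() can return NULL on a parse failure (its body is mostly outside this commit) that path is affected too. Guard the dereference and keep the NULL return: `if (cert) { cert->flags |= this->flags; }` followed by `return cert ? &cert->public : NULL;`.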
/**
@@ -1220,25 +1224,28 @@ static void add(private_builder_t *this, builder_part_t part, ...)
{
va_list args;
- if (this->cert)
- {
- DBG1("ignoring surplus build part %N", builder_part_names, part);
- return;
- }
-
+ va_start(args, part);
switch (part)
{
case BUILD_BLOB_ASN1_DER:
{
- va_start(args, part);
+ if (this->cert)
+ {
+ destroy(this->cert);
+ }
this->cert = load(va_arg(args, chunk_t));
- va_end(args);
+ break;
+ }
+ case BUILD_X509_FLAG:
+ {
+ this->flags = va_arg(args, x509_flag_t);
break;
}
default:
DBG1("ignoring unsupported build part %N", builder_part_names, part);
break;
}
+ va_end(args);
}
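Review bot: `this->flags = va_arg(args, x509_flag_t);` overwrites rather than accumulates, so a caller passing BUILD_X509_FLAG twice keeps only the last flag, which does not match the builder.h documentation "enforce an additional X509 flag" added in this commit and the `|=` merge done in build(). Use `this->flags |= va_arg(args, x509_flag_t);` so repeated parts combine. The enum-type va_arg concern raised on the credential_factory.c hunk applies to this line as well. add()'s signature is in the hunk header, just before this hunk.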
/**
@@ -1256,6 +1263,7 @@ builder_t *x509_cert_builder(certificate_type_t type)
this = malloc_thing(private_builder_t);
this->cert = NULL;
+ this->flags = 0;
this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add;
this->public.build = (void*(*)(builder_t *this))build;