Diffstat (limited to 'src/libstrongswan')
-rw-r--r-- | src/libstrongswan/credentials/certificates/certificate.c | 12 | ||||
-rw-r--r-- | src/libstrongswan/credentials/certificates/certificate.h | 12 | ||||
-rw-r--r-- | src/libstrongswan/plugins/curl/curl_fetcher.c | 26 | ||||
-rw-r--r-- | src/libstrongswan/settings.h | 2 | ||||
-rw-r--r-- | src/libstrongswan/utils/enumerator.h | 2 | ||||
-rw-r--r-- | src/libstrongswan/utils/identification.c | 69 | ||||
-rw-r--r-- | src/libstrongswan/utils/identification.h | 12 | ||||
-rw-r--r-- | src/libstrongswan/utils/linked_list.h | 1 |
8 files changed, 67 insertions, 69 deletions
diff --git a/src/libstrongswan/credentials/certificates/certificate.c b/src/libstrongswan/credentials/certificates/certificate.c
index 1a83bdf4c..3437d5ad8 100644
--- a/src/libstrongswan/credentials/certificates/certificate.c
+++ b/src/libstrongswan/credentials/certificates/certificate.c
@@ -31,11 +31,11 @@ ENUM(certificate_type_names, CERT_ANY, CERT_PGP,
 "PGP",
 );
 
-ENUM(cert_validation_names, VALIDATION_GOOD, VALIDATION_SKIPPED,
- "VALIDATION_GOOD",
- "VALIDATION_STALE",
- "VALIDATION_REVOKED",
- "VALIDATION_FAILED",
- "VALIDATION_SKIPPED",
+ENUM(cert_validation_names, VALIDATION_GOOD, VALIDATION_REVOKED,
+ "GOOD",
+ "SKIPPED",
+ "STALE",
+ "FAILED",
+ "REVOKED",
 );
 
diff --git a/src/libstrongswan/credentials/certificates/certificate.h b/src/libstrongswan/credentials/certificates/certificate.h
index 1fb151d9f..81fce5508 100644
--- a/src/libstrongswan/credentials/certificates/certificate.h
+++ b/src/libstrongswan/credentials/certificates/certificate.h
@@ -58,18 +58,20 @@ extern enum_name_t *certificate_type_names;
 
 /**
 * Result of a certificate validation.
+ *
+ * Order of values is relevant, sorted from good to bad.
 */
 enum cert_validation_t {
 /** certificate has been validated successfully */
- VALIDATION_GOOD,
+ VALIDATION_GOOD = 0,
+ /** validation has been skipped due to missing validation information */
+ VALIDATION_SKIPPED,
 /** certificate has been validated, but check based on stale information */
 VALIDATION_STALE,
- /** certificate has been revoked */
- VALIDATION_REVOKED,
 /** validation failed due to a processing error */
 VALIDATION_FAILED,
- /** validation has been skipped due to missing validation information */
- VALIDATION_SKIPPED,
+ /** certificate has been revoked */
+ VALIDATION_REVOKED,
 };
 
 /**
diff --git a/src/libstrongswan/plugins/curl/curl_fetcher.c b/src/libstrongswan/plugins/curl/curl_fetcher.c
index eac3b07a2..b213c7b47 100644
--- a/src/libstrongswan/plugins/curl/curl_fetcher.c
+++ b/src/libstrongswan/plugins/curl/curl_fetcher.c
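Review bot: The new comment on cert_validation_t says the order is relevant but not what consumes it, and the chosen order ranks VALIDATION_SKIPPED (no revocation information at all) as better than VALIDATION_STALE (information present but outdated), which is a policy decision that should be stated explicitly. If some caller merges several results by keeping the numerically worst one (not visible here), blocking a CRL/OCSP fetch would yield a more favourable result than serving a stale CRL, so this ordering must be a deliberate, documented choice rather than an accident of the enum. I would extend the comment to `Order of values is relevant, sorted from good to bad; code combining several results keeps the largest value. SKIPPED deliberately ranks above STALE: it means no check was possible, not that a check failed.` The string table in certificate.c was reordered to match, and any future change to one must be mirrored in the other.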
@@ -35,7 +35,7 @@ struct private_curl_fetcher_t { * Public data */ curl_fetcher_t public; - + /** * CURL handle */ @@ -52,15 +52,15 @@ struct private_curl_fetcher_t { */ static size_t append(void *ptr, size_t size, size_t nmemb, chunk_t *data) { - size_t realsize = size * nmemb; - - data->ptr = (u_char*)realloc(data->ptr, data->len + realsize); - if (data->ptr) - { + size_t realsize = size * nmemb; + + data->ptr = (u_char*)realloc(data->ptr, data->len + realsize); + if (data->ptr) + { memcpy(&data->ptr[data->len], ptr, realsize); data->len += realsize; - } - return realsize; + } + return realsize; } /** @@ -91,7 +91,7 @@ static status_t fetch(private_curl_fetcher_t *this, char *uri, chunk_t *result) headers = curl_slist_append(headers, buf); curl_easy_setopt(this->curl, CURLOPT_HTTPHEADER, headers); } - + DBG2("sending http request to '%s'...", uri); switch (curl_easy_perform(this->curl)) { @@ -102,7 +102,7 @@ static status_t fetch(private_curl_fetcher_t *this, char *uri, chunk_t *result) status = SUCCESS; break; default: - DBG1("libcurl http request failed: %s", error); + DBG1("libcurl http request failed: %s", error); status = FAILED; break; } @@ -158,7 +158,7 @@ static void destroy(private_curl_fetcher_t *this) curl_fetcher_t *curl_fetcher_create() { private_curl_fetcher_t *this = malloc_thing(private_curl_fetcher_t); - + this->curl = curl_easy_init(); if (this->curl == NULL) { @@ -166,11 +166,11 @@ curl_fetcher_t *curl_fetcher_create() return NULL; } this->request_type = NULL; - + this->public.interface.fetch = (status_t(*)(fetcher_t*,char*,chunk_t*))fetch; this->public.interface.set_option = (bool(*)(fetcher_t*, fetcher_option_t option, ...))set_option; this->public.interface.destroy = (void (*)(fetcher_t*))destroy; - + return &this->public; } diff --git a/src/libstrongswan/settings.h b/src/libstrongswan/settings.h index c487f7775..1434b410c 100644 --- a/src/libstrongswan/settings.h +++ b/src/libstrongswan/settings.h 
@@ -25,7 +25,7 @@ typedef struct settings_t settings_t;
-#include <library.h>
+#include <utils.h>
 #include <utils/enumerator.h>
 /**
diff --git a/src/libstrongswan/utils/enumerator.h b/src/libstrongswan/utils/enumerator.h
index 5899194a5..8af45ec10 100644
--- a/src/libstrongswan/utils/enumerator.h
+++ b/src/libstrongswan/utils/enumerator.h
@@ -25,7 +25,7 @@ typedef struct enumerator_t enumerator_t;
-#include <library.h>
+#include <utils.h>
 /**
 * Enumerate is simpler, but more flexible than iterator.
diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c
index 9497f3569..213642e9a 100644
--- a/src/libstrongswan/utils/identification.c
+++ b/src/libstrongswan/utils/identification.c
@@ -208,34 +208,22 @@ static void update_chunk(chunk_t *ch, int n)
 * Remove any malicious characters from a chunk. We are very restrictive, but
 * whe use these strings only to present it to the user.
 */
-static chunk_t sanitize_chunk(chunk_t chunk)
+static bool sanitize_chunk(chunk_t chunk, chunk_t *clone)
 {
 char *pos;
- chunk_t clone = chunk_clone(chunk);
+ bool all_printable = TRUE;
 
- for (pos = clone.ptr; pos < (char*)(clone.ptr + clone.len); pos++)
+ *clone = chunk_clone(chunk);
+
+ for (pos = clone->ptr; pos < (char*)(clone->ptr + clone->len); pos++)
 {
- switch (*pos)
+ if (!isprint(*pos))
 {
- case '\0':
- case ' ':
- case '*':
- case '-':
- case '.':
- case '/':
- case '0' ... '9':
- case ':':
- case '=':
- case '@':
- case 'A' ... 'Z':
- case '_':
- case 'a' ... 'z':
- break;
- default:
- *pos = '?';
+ *pos = '?';
+ all_printable = FALSE;
 }
 }
- return clone;
+ return all_printable;
 }
 
 /**
@@ -404,7 +392,7 @@ static bool dntoa(chunk_t dn, chunk_t *str)
 update_chunk(str, snprintf(str->ptr,str->len,"%s", oid_names[oid_code].name));
 }
 /* print value */
- proper = sanitize_chunk(value);
+ sanitize_chunk(value, &proper);
 update_chunk(str, snprintf(str->ptr,str->len,"=%.*s", (int)proper.len, proper.ptr));
 chunk_free(&proper);
 }
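Review bot: The rewritten sanitize_chunk calls `isprint(*pos)` with a plain `char`; bytes above 0x7F, which occur in UTF-8 or Latin-1 DN attribute values, are negative where `char` is signed, and passing a negative value other than EOF to a <ctype.h> function is undefined behavior (glibc tolerates it, other libcs may index outside their table). Cast first: `if (!isprint((unsigned char)*pos))`. Note also that isprint() is locale-dependent, so the set of bytes that survive sanitization now varies with the process locale, whereas the removed whitelist was fixed; if these strings end up in logs, the comment above the function should say which locale is assumed. The function allocates `*clone` even when it returns FALSE, so the header comment should state that the caller must chunk_free() it on both paths.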
@@ -945,9 +933,8 @@ int identification_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec,
 case ID_FQDN:
 case ID_RFC822_ADDR:
 case ID_DER_ASN1_GN_URI:
- case ID_EAP:
 case ID_IETF_ATTR_STRING:
- proper = sanitize_chunk(this->encoded);
+ sanitize_chunk(this->encoded, &proper);
 snprintf(buf, sizeof(buf), "%.*s", proper.len, proper.ptr);
 chunk_free(&proper);
 break;
@@ -961,6 +948,16 @@ int identification_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec,
 snprintf(buf, sizeof(buf), "(ASN.1 general Name");
 break;
 case ID_KEY_ID:
+ if (sanitize_chunk(this->encoded, &proper))
+ { /* fully printable, use ascii version */
+ snprintf(buf, sizeof(buf), "%.*s", proper.len, proper.ptr);
+ }
+ else
+ { /* not printable, hex dump */
+ snprintf(buf, sizeof(buf), "%#B", &this->encoded);
+ }
+ chunk_free(&proper);
+ break;
 case ID_PUBKEY_INFO_SHA1:
 case ID_PUBKEY_SHA1:
 case ID_CERT_DER_SHA1:
@@ -1043,8 +1040,9 @@ identification_t *identification_create_from_string(char *string)
 */
 if (atodn(string, &this->encoded) != SUCCESS)
 {
- free(this);
- return NULL;
+ this->type = ID_KEY_ID;
+ this->encoded = chunk_clone(chunk_create(string, strlen(string)));
+ return &this->public;
 }
 this->type = ID_DER_ASN1_DN;
 this->public.equals = (bool (*) (identification_t*,identification_t*))equals_dn;
@@ -1084,11 +1082,11 @@ identification_t *identification_create_from_string(char *string)
 (identification_t*,identification_t*))matches_string;
 this->public.equals = (bool (*)
 (identification_t*,identification_t*))equals_strcasecmp;
- return &(this->public);
+ return &this->public;
 }
 this->encoded = chunk_clone(chunk);
 this->type = ID_IPV4_ADDR;
- return &(this->public);
+ return &this->public;
 }
 else
 {
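Review bot: In the new ID_KEY_ID branch, `snprintf(buf, sizeof(buf), "%.*s", proper.len, proper.ptr)` passes `proper.len` as the `%.*s` precision, which must be an `int`; the dntoa hunk in this same commit casts the same field with `(int)proper.len`, which suggests chunk_t.len is not an int, and on LP64 targets a size_t in that variadic slot is undefined behavior and can be read as the wrong 32 bits. Use the same form as dntoa: `snprintf(buf, sizeof(buf), "%.*s", (int)proper.len, proper.ptr);`. The identical pre-existing call in the ID_FQDN/ID_RFC822_ADDR/ID_DER_ASN1_GN_URI branch has the same issue and could be fixed in the same commit. identification_printf_hook starts and ends outside the hunk.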
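Review bot: The atodn() failure branch now silently stores an unparsable DN string as an ID_KEY_ID instead of returning NULL, so a typo in a configured identity is no longer reported at load time; it surfaces later as an identity that never matches, which is much harder to diagnose than an immediate error. A log line before the fallback would preserve that signal, e.g. `DBG1("'%s' is not a valid DN, using it as ID_KEY_ID", string);`, and callers that used to test for NULL should be checked for whether they want to reject the ID_KEY_ID fallback. If atodn() can leave a partially built buffer in `this->encoded` on failure (not visible here), the assignment also leaks it. identification_create_from_string starts and ends outside the hunk.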
@@ -1098,12 +1096,14 @@ identification_t *identification_create_from_string(char *string)
 
 if (inet_pton(AF_INET6, string, &address) <= 0)
 {
- free(this);
- return NULL;
+ this->type = ID_KEY_ID;
+ this->encoded = chunk_clone(chunk_create(string,
+ strlen(string)));
+ return &this->public;
 }
 this->encoded = chunk_clone(chunk);
 this->type = ID_IPV6_ADDR;
- return &(this->public);
+ return &this->public;
 }
 }
 }
@@ -1117,7 +1117,7 @@ identification_t *identification_create_from_string(char *string)
 this->type = ID_KEY_ID;
 this->encoded = chunk_from_hex(
 chunk_create(string, strlen(string)), NULL);
- return &(this->public);
+ return &this->public;
 }
 else
 {
@@ -1128,7 +1128,7 @@ identification_t *identification_create_from_string(char *string)
 (identification_t*,identification_t*))matches_string;
 this->public.equals = (bool (*)
 (identification_t*,identification_t*))equals_strcasecmp;
- return &(this->public);
+ return &this->public;
 }
 }
 else
@@ -1140,7 +1140,7 @@ identification_t *identification_create_from_string(char *string)
 (identification_t*,identification_t*))matches_string;
 this->public.equals = (bool (*)
 (identification_t*,identification_t*))equals_strcasecmp;
- return &(this->public);
+ return &this->public;
 }
 }
 }
@@ -1180,7 +1180,6 @@ identification_t *identification_create_from_encoding(id_type_t type, chunk_t en
 case ID_PUBKEY_INFO_SHA1:
 case ID_PUBKEY_SHA1:
 case ID_CERT_DER_SHA1:
- case ID_EAP:
 case ID_IETF_ATTR_STRING:
 default:
 break;
diff --git a/src/libstrongswan/utils/identification.h b/src/libstrongswan/utils/identification.h
index 6cfc7c473..90eadb625 100644
--- a/src/libstrongswan/utils/identification.h
+++ b/src/libstrongswan/utils/identification.h
@@ -143,16 +143,11 @@ enum id_type_t {
 * SHA1 hash of the binary DER encoding of a certificate
 */
 ID_CERT_DER_SHA1 = 204,
-
- /**
- * Generic EAP identity
- */
- ID_EAP = 205,
 
 /**
 * IETF Attribute Syntax String (RFC 3281)
 */
- ID_IETF_ATTR_STRING = 206,
+ ID_IETF_ATTR_STRING = 205,
 };
 
 /**
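Review bot: Removing ID_EAP renumbers ID_IETF_ATTR_STRING from 206 to 205 in a public header, so anything compiled against the old header, or any stored id_type_t value, will have an old ID_EAP (205) read as ID_IETF_ATTR_STRING and an old ID_IETF_ATTR_STRING (206) fall outside the enum. Unless the 20x values are guaranteed never to be persisted or to cross a plugin ABI boundary (not visible here), it is safer to keep the value at 206 and mark the gap, e.g. `/* 205 was ID_EAP, removed; value intentionally left unused */` above the ID_IETF_ATTR_STRING entry. enum id_type_t starts before the hunk.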
@@ -257,8 +252,11 @@ struct identification_t {
 * N, G, I, ID, EN, EmployeeNumber, E, Email, emailAddress, UN,
 * unstructuredName, TCGID.
 *
+ * This constructor never returns NULL. If it does not find a suitable
+ * conversion function, it will copy the string to an ID_KEY_ID.
+ *
 * @param string input string, which will be converted
- * @return created identification_t, NULL if not supported.
+ * @return identification_t
 */
 identification_t * identification_create_from_string(char *string);
 
diff --git a/src/libstrongswan/utils/linked_list.h b/src/libstrongswan/utils/linked_list.h
index b7152500c..7c388f764 100644
--- a/src/libstrongswan/utils/linked_list.h
+++ b/src/libstrongswan/utils/linked_list.h
@@ -27,7 +27,6 @@ typedef struct linked_list_t linked_list_t;
-#include <library.h>
 #include <utils/iterator.h>
 #include <utils/enumerator.h>
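Review bot: The new paragraph on identification_create_from_string omits two things a caller needs to know about the fallback: the ID_KEY_ID holds the input string's bytes verbatim (no hex decoding, unlike the existing chunk_from_hex() ID_KEY_ID path), and it is also taken for strings that were meant to be a DN or IPv6 literal but fail to parse, so a malformed identity can no longer be detected from the return value. I would add a sentence such as `Strings that fail to parse as a DN or IP address are stored verbatim as an ID_KEY_ID; callers that must reject malformed identities have to check the resulting type themselves.` struct identification_t starts before the hunk.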