Diffstat (limited to 'src')
-rw-r--r--src/libcharon/bus/bus.c29
-rw-r--r--src/libcharon/bus/bus.h14
2 files changed, 43 insertions, 0 deletions
diff --git a/src/libcharon/bus/bus.c b/src/libcharon/bus/bus.c
index 34d4678d3..b46184809 100644
--- a/src/libcharon/bus/bus.c
+++ b/src/libcharon/bus/bus.c
@@ -833,10 +833,37 @@ METHOD(bus_t, assign_vips, void,
this->mutex->unlock(this->mutex);
}
+/**
+ * Credential manager hook function to forward bus alerts
+ */
+static void hook_creds(private_bus_t *this, credential_hook_type_t type,
+ certificate_t *cert)
+{
+ switch (type)
+ {
+ case CRED_HOOK_EXPIRED:
+ return alert(this, ALERT_CERT_EXPIRED, cert);
+ case CRED_HOOK_REVOKED:
+ return alert(this, ALERT_CERT_REVOKED, cert);
+ case CRED_HOOK_VALIDATION_FAILED:
+ return alert(this, ALERT_CERT_VALIDATION_FAILED, cert);
+ case CRED_HOOK_NO_ISSUER:
+ return alert(this, ALERT_CERT_NO_ISSUER, cert);
+ case CRED_HOOK_UNTRUSTED_ROOT:
+ return alert(this, ALERT_CERT_UNTRUSTED_ROOT, cert);
+ case CRED_HOOK_EXCEEDED_PATH_LEN:
+ return alert(this, ALERT_CERT_EXCEEDED_PATH_LEN, cert);
+ case CRED_HOOK_POLICY_VIOLATION:
+ return alert(this, ALERT_CERT_POLICY_VIOLATION, cert);
+ }
+}
+
METHOD(bus_t, destroy, void,
private_bus_t *this)
{
debug_t group;
+
+ lib->credmgr->set_hook(lib->credmgr, NULL, NULL);
for (group = 0; group < DBG_MAX; group++)
{
this->loggers[group]->destroy(this->loggers[group]);
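Review bot: In destroy(), `lib->credmgr->set_hook(lib->credmgr, NULL, NULL);` clears the hook before the loggers are torn down, but nothing in this hunk shows that a certificate validation already running on another thread cannot still call hook_creds() with `this` after the bus has been freed. That depends on how set_hook() synchronises with callers of the hook, which is not visible here, so it is worth confirming and recording with a comment such as `/* unregister first: hook_creds() must not run once teardown starts */`. The call also clears the slot unconditionally, so if anything else had installed a hook it would be removed as well. Separately, hook_creds() is declared void but uses `return alert(...)`; plain `alert(this, ALERT_CERT_EXPIRED, cert); break;` avoids returning an expression from a void function. destroy() continues past the end of the hunk.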
@@ -897,5 +924,7 @@ bus_t *bus_create()
this->max_vlevel[group] = LEVEL_SILENT;
}
+ lib->credmgr->set_hook(lib->credmgr, (credential_hook_t)hook_creds, this);
+
return &this->public;
}
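Review bot: The cast in `set_hook(lib->credmgr, (credential_hook_t)hook_creds, this)` hides any mismatch between hook_creds() and the credential_hook_t typedef, which this diff does not show. If the typedef takes a `void *` context as its first parameter, calling a function declared with `private_bus_t *this` through it is not strictly conforming C, and a later change to the typedef would compile silently. Declaring the hook with the typedef's exact parameter types and converting the context pointer inside the body would let the cast be dropped, e.g. `static void hook_creds(void *data, credential_hook_type_t type, certificate_t *cert)`. bus_create() begins before the hunk.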
diff --git a/src/libcharon/bus/bus.h b/src/libcharon/bus/bus.h
index cc2eb0167..4a0ac68e3 100644
--- a/src/libcharon/bus/bus.h
+++ b/src/libcharon/bus/bus.h
@@ -136,6 +136,20 @@ enum alert_t {
ALERT_AUTHORIZATION_FAILED,
/** IKE_SA hit the hard lifetime limit before it could be rekeyed */
ALERT_IKE_SA_EXPIRED,
+ /** Certificate rejected; it has expired, certificate_t */
+ ALERT_CERT_EXPIRED,
+ /** Certificate rejected; it has been revoked, certificate_t */
+ ALERT_CERT_REVOKED,
+ /** Validating certificate status failed, certificate_t */
+ ALERT_CERT_VALIDATION_FAILED,
+ /** Certificate rejected; no trusted issuer found, certificate_t */
+ ALERT_CERT_NO_ISSUER,
+ /** Certificate rejected; root not trusted, certificate_t */
+ ALERT_CERT_UNTRUSTED_ROOT,
+ /** Certificate rejected; trustchain length exceeds limit, certificate_t */
+ ALERT_CERT_EXCEEDED_PATH_LEN,
+ /** Certificate rejected; other policy violation, certificate_t */
+ ALERT_CERT_POLICY_VIOLATION,
};
/**