aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/libstrongswan/credentials/cert_validator.h1
-rw-r--r--src/libstrongswan/credentials/credential_manager.c4
2 files changed, 5 insertions, 0 deletions
diff --git a/src/libstrongswan/credentials/cert_validator.h b/src/libstrongswan/credentials/cert_validator.h
index 00e30d7a0..effc6b0d6 100644
--- a/src/libstrongswan/credentials/cert_validator.h
+++ b/src/libstrongswan/credentials/cert_validator.h
@@ -43,6 +43,7 @@ struct cert_validator_t {
* @param pathlen the current length of the path bottom-up
* @param anchor is issuer trusted root anchor
* @param auth container for resulting authentication info
+ * @return TRUE if subject certificate valid
*/
bool (*validate)(cert_validator_t *this, certificate_t *subject,
certificate_t *issuer, bool online, u_int pathlen,
diff --git a/src/libstrongswan/credentials/credential_manager.c b/src/libstrongswan/credentials/credential_manager.c
index 9e40c5a10..a427b57fb 100644
--- a/src/libstrongswan/credentials/credential_manager.c
+++ b/src/libstrongswan/credentials/credential_manager.c
@@ -541,6 +541,10 @@ static bool check_certificate(private_credential_manager_t *this,
enumerator = this->validators->create_enumerator(this->validators);
while (enumerator->enumerate(enumerator, &validator))
{
+ if (!validator->validate)
+ {
+ continue;
+ }
if (!validator->validate(validator, subject, issuer,
online, pathlen, trusted, auth))
{
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-15 15:46:43 +0000