From 09e319d419a34cacc98420c1585e131362127574 Mon Sep 17 00:00:00 2001
From: Martin Willi <martin@revosec.ch>
Date: Wed, 22 Dec 2010 10:34:58 +0100
Subject: Always pass auth info to validate(), use pathlen to check for user
 certificate

---
 src/libstrongswan/plugins/revocation/revocation_validator.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'src/libstrongswan/plugins/revocation')

diff --git a/src/libstrongswan/plugins/revocation/revocation_validator.c b/src/libstrongswan/plugins/revocation/revocation_validator.c
index c9a60934b..0fe97225f 100644
--- a/src/libstrongswan/plugins/revocation/revocation_validator.c
+++ b/src/libstrongswan/plugins/revocation/revocation_validator.c
@@ -576,7 +576,8 @@ METHOD(cert_validator_t, validate, bool,
 	{
 		DBG1(DBG_CFG, "checking certificate status of \"%Y\"",
 					   subject->get_subject(subject));
-		switch (check_ocsp((x509_t*)subject, (x509_t*)issuer, auth))
+		switch (check_ocsp((x509_t*)subject, (x509_t*)issuer,
+						   pathlen ? NULL : auth))
 		{
 			case VALIDATION_GOOD:
 				DBG1(DBG_CFG, "certificate status is good");
@@ -594,7 +595,8 @@ METHOD(cert_validator_t, validate, bool,
 				DBG1(DBG_CFG, "ocsp check failed, fallback to crl");
 				break;
 		}
-		switch (check_crl((x509_t*)subject, (x509_t*)issuer, auth))
+		switch (check_crl((x509_t*)subject, (x509_t*)issuer,
+						  pathlen ? NULL : auth))
 		{
 			case VALIDATION_GOOD:
 				DBG1(DBG_CFG, "certificate status is good");
-- 
cgit v1.2.3