ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

use trusted self-signed root CA certificates as trust anchor only

This commit is contained in:
Martin Willi 2008-03-27 13:38:02 +00:00
parent e74bc8e51d
commit 0d30ba3343
1 changed files with 16 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
src/charon/credentials/credential_manager.c
View File

@ -904,10 +904,20 @@ static bool verify_trust_chain(private_credential_manager_t *this,
issuer = get_issuer_cert(this, current, TRUE);
if (issuer)
{
auth->add_item(auth, AUTHZ_CA_CERT, issuer);
DBG1(DBG_CFG, " using trusted ca certificate \"%D\"",
issuer->get_subject(issuer));
trusted = TRUE;
/* accept only self-signed CAs as trust anchor */
if (this->cache->issued_by(this->cache, issuer, issuer))
{
auth->add_item(auth, AUTHZ_CA_CERT, issuer);
DBG1(DBG_CFG, " using trusted ca certificate \"%D\"",
issuer->get_subject(issuer));
trusted = TRUE;
}
else
{
auth->add_item(auth, AUTHZ_IM_CERT, issuer);
DBG1(DBG_CFG, " using trusted intermediate ca certificate "
"\"%D\"", issuer->get_subject(issuer));
}
}
else
{
@ -922,8 +932,8 @@ static bool verify_trust_chain(private_credential_manager_t *this,
break;
}
auth->add_item(auth, AUTHZ_IM_CERT, issuer);
DBG1(DBG_CFG, " using untrusted ca certificate \"%D\"",
issuer->get_subject(issuer));
DBG1(DBG_CFG, " using untrusted intermediate certificate "
"\"%D\"", issuer->get_subject(issuer));
}
else
{