ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

set certinfo status to CERT_UNKNOWN before crl and|or ocsp verification

This commit is contained in:
Andreas Steffen 2007-05-25 08:21:27 +00:00
parent f2566a3bac
commit 13b872ebd2
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/charon/config/credentials/local_credential_store.c
View File

@ -301,7 +301,7 @@ static rsa_public_key_t *get_rsa_public_key(private_local_credential_store_t *th
/**
* Implementation of credential_store_t.get_issuer.
*/
static ca_info_t* get_issuer(private_local_credential_store_t *this, const x509_t *cert)
static ca_info_t* get_issuer(private_local_credential_store_t *this, x509_t *cert)
{
ca_info_t *found = cert->get_ca_info(cert);
@ -548,7 +548,7 @@ static bool verify(private_local_credential_store_t *this, x509_t *cert, bool *f
x509_t *end_cert = cert;
x509_t *cert_copy = find_certificate(this->certs, end_cert);
DBG2(DBG_CFG, "verifying end entity certificate:");
DBG1(DBG_CFG, "verifying end entity certificate up to trust anchor:");
*found = (cert_copy != NULL);
if (*found)
@ -618,6 +618,8 @@ static bool verify(private_local_credential_store_t *this, x509_t *cert, bool *f
cert_status_t status;
certinfo_t *certinfo = certinfo_create(cert->get_serialNumber(cert));
certinfo->set_status(certinfo, CERT_UNKNOWN);
if (pathlen == 0)
{
/* add any crl and ocsp uris contained in the certificate under test */
@ -725,6 +727,8 @@ static status_t verify_signature(private_local_credential_store_t *this,
status_t sig_status;
x509_t *cert;
DBG1(DBG_CFG, "verifying RSA signature:");
/* default return values in case of failure */
sig_status = NOT_FOUND;
*issuer_p = NULL;
@ -1458,7 +1462,7 @@ local_credential_store_t * local_credential_store_create(void)
this->public.credential_store.get_certificate = (x509_t* (*) (credential_store_t*,identification_t*))get_certificate;
this->public.credential_store.get_auth_certificate = (x509_t* (*) (credential_store_t*,u_int,identification_t*))get_auth_certificate;
this->public.credential_store.get_ca_certificate_by_keyid = (x509_t* (*) (credential_store_t*,chunk_t))get_ca_certificate_by_keyid;
this->public.credential_store.get_issuer = (ca_info_t* (*) (credential_store_t*,const x509_t*))get_issuer;
this->public.credential_store.get_issuer = (ca_info_t* (*) (credential_store_t*,x509_t*))get_issuer;
this->public.credential_store.is_trusted = (bool (*) (credential_store_t*,x509_t*))is_trusted;
this->public.credential_store.verify_signature = (status_t (*) (credential_store_t*,chunk_t,chunk_t,identification_t*,ca_info_t**))verify_signature;
this->public.credential_store.verify = (bool (*) (credential_store_t*,x509_t*,bool*))verify;