sig = sig_payload->get_hash(sig_payload);
auth = this->ike_sa->get_auth_cfg(this->ike_sa, FALSE);
enumerator = lib->credmgr->create_public_enumerator(lib->credmgr, this->type,
- id, auth);
+ id, auth, TRUE);
while (enumerator->enumerate(enumerator, &public, ¤t_auth))
{
if (public->verify(public, scheme, hash, sig))
}
auth = this->ike_sa->get_auth_cfg(this->ike_sa, FALSE);
enumerator = lib->credmgr->create_public_enumerator(lib->credmgr,
- key_type, id, auth);
+ key_type, id, auth, TRUE);
while (enumerator->enumerate(enumerator, &public, ¤t_auth))
{
if (public->verify(public, scheme, octets, auth_data))
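Review bot: The new fourth argument to `create_public_enumerator()` is passed here as a bare `TRUE`, which does not tell a reader that it switches on online revocation checking on a path that authenticates the peer. A short comment above the call, e.g. `/* online revocation checking must stay enabled when authenticating the peer */`, would make it harder for a later edit to flip the value unnoticed. The same applies to the other call sites on this page: the earlier pubkey verification call and the two calls that pass `this->server_auth` and `this->peer_auth`. The enclosing function starts and ends outside the hunk.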
/*
+ * Copyright (C) 2015 Tobias Brunner
* Copyright (C) 2007 Martin Willi
* Hochschule fuer Technik Rapperswil
*
METHOD(credential_manager_t, create_public_enumerator, enumerator_t*,
private_credential_manager_t *this, key_type_t type, identification_t *id,
- auth_cfg_t *auth)
+ auth_cfg_t *auth, bool online)
{
public_enumerator_t *enumerator;
.enumerate = (void*)_public_enumerate,
.destroy = _public_destroy,
},
- .inner = create_trusted_enumerator(this, type, id, TRUE),
+ .inner = create_trusted_enumerator(this, type, id, online),
.this = this,
);
if (auth)
/*
+ * Copyright (C) 2015 Tobias Brunner
* Copyright (C) 2007-2009 Martin Willi
* Hochschule fuer Technik Rapperswil
*
* where the auth config helper contains rules for constraint checks.
* This function is very similar to create_trusted_enumerator(), but
* gets public keys directly.
+ * If online is set, revocations are checked online for the whole
+ * trustchain.
*
* @param type type of the key to get
* @param id owner of the key, signer of the signature
* @param auth authentication infos
+ * @param online whether revocations should be checked online
* @return enumerator
*/
enumerator_t* (*create_public_enumerator)(credential_manager_t *this,
- key_type_t type, identification_t *id, auth_cfg_t *auth);
+ key_type_t type, identification_t *id, auth_cfg_t *auth,
+ bool online);
/**
* Cache a certificate by invoking cache_cert() on all registered sets.
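Review bot: The added doc text for `create_public_enumerator()` describes only the case where `online` is set and does not say what a caller gets when it is FALSE. Because the enumerated keys are used to verify signatures, the comment should state the contract for that value too, for example `* If online is FALSE, no online revocation checking is done; callers must not treat the returned key as revocation-checked.` Whether locally cached revocation data is still consulted in that case is not visible here, so the wording should be confirmed against `create_trusted_enumerator()` before it is committed.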
if (cert)
{
enumerator = lib->credmgr->create_public_enumerator(lib->credmgr,
- KEY_ANY, cert->get_subject(cert), this->server_auth);
+ KEY_ANY, cert->get_subject(cert),
+ this->server_auth, TRUE);
while (enumerator->enumerate(enumerator, ¤t, &auth))
{
found = auth->get(auth, AUTH_RULE_SUBJECT_CERT);
bio_reader_t *sig;
enumerator = lib->credmgr->create_public_enumerator(lib->credmgr,
- KEY_ANY, this->peer, this->peer_auth);
+ KEY_ANY, this->peer, this->peer_auth, TRUE);
while (enumerator->enumerate(enumerator, &public, &auth))
{
sig = bio_reader_create(reader->peek(reader));