#include <credentials/certificates/ocsp_request.h>
#include <credentials/certificates/ocsp_response.h>
+/**
+ * Maximum length of a certificate trust chain
+ */
+#define MAX_TRUST_PATH_LEN 7
+
typedef struct private_credential_manager_t private_credential_manager_t;
/**
auth = auth_cfg_create();
current = subject->get_ref(subject);
- for (pathlen = 0; pathlen <= X509_MAX_PATH_LEN; pathlen++)
+ for (pathlen = 0; pathlen <= MAX_TRUST_PATH_LEN; pathlen++)
{
issuer = get_issuer_cert(this, current, TRUE);
if (issuer)
}
}
current->destroy(current);
- if (pathlen > X509_MAX_PATH_LEN)
+ if (pathlen > MAX_TRUST_PATH_LEN)
{
- DBG1(DBG_CFG, "maximum path length of %d exceeded", X509_MAX_PATH_LEN);
+ DBG1(DBG_CFG, "maximum path length of %d exceeded", MAX_TRUST_PATH_LEN);
}
if (trusted)
{
}
issuer = get_issuer_cert(this, current, FALSE);
if (!issuer || issuer->equals(issuer, current) ||
- pathlen > X509_MAX_PATH_LEN)
+ pathlen > MAX_TRUST_PATH_LEN)
{
DESTROY_IF(issuer);
break;
#include <credentials/certificates/certificate.h>
#define X509_NO_PATH_LEN_CONSTRAINT -1
-#define X509_MAX_PATH_LEN 7
typedef struct x509_t x509_t;
typedef enum x509_flag_t x509_flag_t;
#include "constants.h"
#include "certs.h"
+#define X509_MAX_PATH_LEN 7
+
extern bool same_keyid(chunk_t a, chunk_t b);
extern bool x509_check_signature(chunk_t tbs, chunk_t sig, int algorithm,
certificate_t *issuer_cert);
projects / thirdparty / strongswan.git / commitdiff
