identification_t *id;
linked_list_t *list, *list2;
peer_cfg_t *peer_cfg;
+ certificate_t *cert;
+ time_t not_before, not_after;
if (!this->socket->has_listeners(this->socket))
{
snprintf(msg.str, sizeof(msg.str), "an authorization plugin "
"prevented establishment of an IKE_SA");
break;
+ case ALERT_CERT_EXPIRED:
+ msg.type = htonl(ERROR_NOTIFY_CERT_EXPIRED);
+ cert = va_arg(args, certificate_t*);
+ cert->get_validity(cert, NULL, ¬_before, ¬_after);
+ snprintf(msg.str, sizeof(msg.str), "certificiate expired: '%Y' "
+ "(valid from %T to %T)", cert->get_subject(cert),
+ ¬_before, TRUE, ¬_after, TRUE);
+ break;
+ case ALERT_CERT_REVOKED:
+ msg.type = htonl(ERROR_NOTIFY_CERT_REVOKED);
+ cert = va_arg(args, certificate_t*);
+ snprintf(msg.str, sizeof(msg.str), "certificiate revoked: '%Y'",
+ cert->get_subject(cert));
+ break;
+ case ALERT_CERT_NO_ISSUER:
+ msg.type = htonl(ERROR_NOTIFY_NO_ISSUER_CERT);
+ cert = va_arg(args, certificate_t*);
+ snprintf(msg.str, sizeof(msg.str), "no trusted issuer certificate "
+ "found: '%Y'", cert->get_issuer(cert));
+ break;
default:
return TRUE;
}
ERROR_NOTIFY_UNIQUE_KEEP = 14,
ERROR_NOTIFY_VIP_FAILURE = 15,
ERROR_NOTIFY_AUTHORIZATION_FAILED = 16,
+ ERROR_NOTIFY_CERT_EXPIRED = 17,
+ ERROR_NOTIFY_CERT_REVOKED = 18,
+ ERROR_NOTIFY_NO_ISSUER_CERT = 19,
};
/**
projects / thirdparty / strongswan.git / commitdiff
