char *secrets_file;
/**
- * credentials
+ * credentials: end entity certs, attribute certs, CRLs, etc.
*/
mem_cred_t *creds;
+ /**
+ * CA certificates
+ */
+ mem_cred_t *cacerts;
+
+ /**
+ * Attribute Authority certificates
+ */
+ mem_cred_t *aacerts;
+
/**
* ignore missing CA basic constraint (i.e. treat all certificates in
* ipsec.conf ca sections and ipsec.d/cacerts as CA certificates)
{
DBG1(DBG_CFG, " loaded ca certificate \"%Y\" from '%s'",
cert->get_subject(cert), file);
- this->creds->add_cert(this->creds, TRUE, cert);
+ this->cacerts->add_cert(this->cacerts, TRUE, cert);
}
}
else
{
DBG1(DBG_CFG, " loaded AA certificate \"%Y\" from '%s'",
cert->get_subject(cert), file);
- this->creds->add_cert(this->creds, TRUE, cert);
+ this->aacerts->add_cert(this->aacerts, TRUE, cert);
}
else
{
METHOD(stroke_cred_t, destroy, void,
private_stroke_cred_t *this)
{
+ lib->credmgr->remove_set(lib->credmgr, &this->aacerts->set);
+ lib->credmgr->remove_set(lib->credmgr, &this->cacerts->set);
lib->credmgr->remove_set(lib->credmgr, &this->creds->set);
+ this->aacerts->destroy(this->aacerts);
+ this->cacerts->destroy(this->cacerts);
this->creds->destroy(this->creds);
free(this);
}
"%s.plugins.stroke.secrets_file", SECRETS_FILE,
lib->ns),
.creds = mem_cred_create(),
+ .cacerts = mem_cred_create(),
+ .aacerts = mem_cred_create(),
);
lib->credmgr->add_set(lib->credmgr, &this->creds->set);
+ lib->credmgr->add_set(lib->credmgr, &this->cacerts->set);
+ lib->credmgr->add_set(lib->credmgr, &this->aacerts->set);
this->force_ca_cert = lib->settings->get_bool(lib->settings,
"%s.plugins.stroke.ignore_missing_ca_basic_constraint",
projects / thirdparty / strongswan.git / commitdiff
