X509_IP_ADDR_BLOCKS flag signals the presence of an ipAddrBlock certificate extension

author Andreas Steffen <andreas.steffen@strongswan.org>

Tue, 22 Dec 2009 12:18:27 +0000 (13:18 +0100)

committer Andreas Steffen <andreas.steffen@strongswan.org>

Tue, 22 Dec 2009 12:18:27 +0000 (13:18 +0100)
author Andreas Steffen <andreas.steffen@strongswan.org>
Tue, 22 Dec 2009 12:18:27 +0000 (13:18 +0100)
committer Andreas Steffen <andreas.steffen@strongswan.org>
Tue, 22 Dec 2009 12:18:27 +0000 (13:18 +0100)
diff --git a/src/libstrongswan/credentials/certificates/x509.h b/src/libstrongswan/credentials/certificates/x509.h

index 37c59a963d65a41f38a995021ee3bf6c1a793e95..ebe660d59dce5552646f4c21fe2434b52bbdafdd 100644 (file)
--- a/src/libstrongswan/credentials/certificates/x509.h
+++ b/src/libstrongswan/credentials/certificates/x509.h
@@ -35,17 +35,19 @@ typedef enum x509_flag_t x509_flag_t;
   */
  enum x509_flag_t {
         /** cert has no constraints */
-       X509_NONE =                     0, 
+       X509_NONE =                        0, 
         /** cert has CA constraint */
-       X509_CA =                       (1<<0),
+       X509_CA =                         (1<<0),
         /** cert has AA constraint */
-       X509_AA =                       (1<<1),
+       X509_AA =                         (1<<1),
         /** cert has OCSP signer constraint */
-       X509_OCSP_SIGNER =      (1<<2),
+       X509_OCSP_SIGNER =        (1<<2),
         /** cert has serverAuth constraint */
-       X509_SERVER_AUTH =      (1<<3),
+       X509_SERVER_AUTH =        (1<<3),
         /** cert is self-signed */
-       X509_SELF_SIGNED =  (1<<4),
+       X509_SELF_SIGNED =    (1<<4),
+       /** cert has an ipAddrBlocks extension */
+       X509_IP_ADDR_BLOCKS = (1<<5),
  };
  
  /**
diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c

index c3c377d089f6667045dd0dde865c2e7582c60ddf..dee056d5d3f10770cd723c01e547252e56b951fd 100644 (file)
--- a/src/libstrongswan/plugins/x509/x509_cert.c
+++ b/src/libstrongswan/plugins/x509/x509_cert.c
@@ -803,7 +803,8 @@ static void parse_ipAddrBlocks(chunk_t blob, int level0,
                                 break;
                 }
         }
-
+       this->flags |= X509_IP_ADDR_BLOCKS;
+       
  end:
         parser->destroy(parser);
  }
author	Andreas Steffen <andreas.steffen@strongswan.org>
	Tue, 22 Dec 2009 12:18:27 +0000 (13:18 +0100)
committer	Andreas Steffen <andreas.steffen@strongswan.org>
	Tue, 22 Dec 2009 12:18:27 +0000 (13:18 +0100)
src/libstrongswan/credentials/certificates/x509.h		patch \| blob \| blame \| history
src/libstrongswan/plugins/x509/x509_cert.c		patch \| blob \| blame \| history