From: Martin Willi Date: Thu, 23 Dec 2010 11:17:49 +0000 (+0100) Subject: Added an AUTH_HELPER for revocation certificates X-Git-Tag: 4.5.1~153 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1a79d76abc8e644b62f2c0e15c87d1cefc82c43f;p=thirdparty%2Fstrongswan.git Added an AUTH_HELPER for revocation certificates --- diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c index 98659f77b2..23a3f62d90 100644 --- a/src/libstrongswan/credentials/auth_cfg.c +++ b/src/libstrongswan/credentials/auth_cfg.c @@ -131,6 +131,7 @@ static void destroy_entry_value(entry_t *entry) case AUTH_RULE_SUBJECT_CERT: case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: + case AUTH_HELPER_REVOCATION_CERT: { certificate_t *cert = (certificate_t*)entry->value; cert->destroy(cert); @@ -192,6 +193,7 @@ static void replace(auth_cfg_t *this, entry_enumerator_t *enumerator, case AUTH_HELPER_SUBJECT_CERT: case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: + case AUTH_HELPER_REVOCATION_CERT: /* pointer type */ enumerator->current->value = va_arg(args, void*); break; @@ -261,6 +263,7 @@ static void* get(private_auth_cfg_t *this, auth_rule_t type) case AUTH_HELPER_SUBJECT_CERT: case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: + case AUTH_HELPER_REVOCATION_CERT: default: return NULL; } @@ -300,6 +303,7 @@ static void add(private_auth_cfg_t *this, auth_rule_t type, ...) case AUTH_HELPER_SUBJECT_CERT: case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: + case AUTH_HELPER_REVOCATION_CERT: /* pointer type */ entry->value = va_arg(args, void*); break; @@ -561,6 +565,7 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints, case AUTH_HELPER_SUBJECT_CERT: case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: + case AUTH_HELPER_REVOCATION_CERT: /* skip helpers */ continue; } @@ -607,6 +612,7 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy case AUTH_RULE_SUBJECT_CERT: case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: + case AUTH_HELPER_REVOCATION_CERT: { certificate_t *cert = (certificate_t*)value; @@ -702,6 +708,7 @@ static bool equals(private_auth_cfg_t *this, private_auth_cfg_t *other) case AUTH_RULE_SUBJECT_CERT: case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: + case AUTH_HELPER_REVOCATION_CERT: { certificate_t *c1, *c2; @@ -815,6 +822,7 @@ static auth_cfg_t* clone_(private_auth_cfg_t *this) case AUTH_RULE_SUBJECT_CERT: case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: + case AUTH_HELPER_REVOCATION_CERT: { certificate_t *cert = (certificate_t*)entry->value; clone->add(clone, entry->type, cert->get_ref(cert)); diff --git a/src/libstrongswan/credentials/auth_cfg.h b/src/libstrongswan/credentials/auth_cfg.h index 8391f79b0f..489ce1134d 100644 --- a/src/libstrongswan/credentials/auth_cfg.h +++ b/src/libstrongswan/credentials/auth_cfg.h @@ -105,6 +105,8 @@ enum auth_rule_t { AUTH_HELPER_IM_HASH_URL, /** Hash and URL of a end-entity certificate, char* */ AUTH_HELPER_SUBJECT_HASH_URL, + /** revocation certificate (CRL, OCSP), certificate_t* */ + AUTH_HELPER_REVOCATION_CERT, }; /** diff --git a/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c b/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c index 5e84586161..225fabe31d 100644 --- a/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c +++ b/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c @@ -132,7 +132,8 @@ static bool enumerate(wrapper_enumerator_t *this, certificate_t **cert) } } else if (rule != AUTH_HELPER_SUBJECT_CERT && - rule != AUTH_HELPER_IM_CERT) + rule != AUTH_HELPER_IM_CERT && + rule != AUTH_HELPER_REVOCATION_CERT) { /* handle only HELPER certificates */ continue; }