From: Martin Willi <martin@revosec.ch>
Date: Wed, 5 Feb 2014 16:56:05 +0000 (+0100)
Subject: ikev2: Cache all received attribute certificates to auth config
X-Git-Tag: 5.1.3rc1~24^2~12
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3a2deb98bcedfdeb1debc952c969cb9d1f52328c;p=thirdparty%2Fstrongswan.git

ikev2: Cache all received attribute certificates to auth config
---

diff --git a/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c b/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c
index bd28b29d73..558b1e9140 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c
@@ -259,6 +259,30 @@ static void process_crl(cert_payload_t *payload, auth_cfg_t *auth)
 	}
 }
 
+/**
+ * Process an attribute certificate payload
+ */
+static void process_ac(cert_payload_t *payload, auth_cfg_t *auth)
+{
+	certificate_t *cert;
+
+	cert = payload->get_cert(payload);
+	if (cert)
+	{
+		if (cert->get_issuer(cert))
+		{
+			DBG1(DBG_IKE, "received attribute certificate issued by \"%Y\"",
+				 cert->get_issuer(cert));
+		}
+		else if (cert->get_subject(cert))
+		{
+			DBG1(DBG_IKE, "received attribute certificate for \"%Y\"",
+				 cert->get_subject(cert));
+		}
+		auth->add(auth, AUTH_HELPER_AC_CERT, cert);
+	}
+}
+
 /**
  * Process certificate payloads
  */
@@ -298,13 +322,15 @@ static void process_certs(private_ike_cert_pre_t *this, message_t *message)
 				case ENC_CRL:
 					process_crl(cert_payload, auth);
 					break;
+				case ENC_X509_ATTRIBUTE:
+					process_ac(cert_payload, auth);
+					break;
 				case ENC_PKCS7_WRAPPED_X509:
 				case ENC_PGP:
 				case ENC_DNS_SIGNED_KEY:
 				case ENC_KERBEROS_TOKEN:
 				case ENC_ARL:
 				case ENC_SPKI:
-				case ENC_X509_ATTRIBUTE:
 				case ENC_RAW_RSA_KEY:
 				case ENC_X509_HASH_AND_URL_BUNDLE:
 				case ENC_OCSP_CONTENT: