From: Martin Willi
Date: Thu, 9 Sep 2010 15:40:16 +0000 (+0200)
Subject: Compare subject against all key identifiers in has_subject()
X-Git-Tag: 4.5.0~181
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=663e7355539eb2bd423a29401f5e49a62ca93727;p=thirdparty%2Fstrongswan.git

Compare subject against all key identifiers in has_subject()
---
diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c
index 4cc9356254..aa39bc93d2 100644
--- a/src/libstrongswan/plugins/openssl/openssl_x509.c
+++ b/src/libstrongswan/plugins/openssl/openssl_x509.c
@@ -295,10 +295,23 @@ METHOD(certificate_t, has_subject, id_match_t,
 identification_t *current;
 enumerator_t *enumerator;
 id_match_t match, best;
+ chunk_t encoding;
 
 if (subject->get_type(subject) == ID_KEY_ID)
 {
- if (chunk_equals(this->hash, subject->get_encoding(subject)))
+ encoding = subject->get_encoding(subject);
+
+ if (chunk_equals(this->hash, encoding))
+ {
+ return ID_MATCH_PERFECT;
+ }
+ if (this->subjectKeyIdentifier.len &&
+ chunk_equals(this->subjectKeyIdentifier, encoding))
+ {
+ return ID_MATCH_PERFECT;
+ }
+ if (this->pubkey &&
+ this->pubkey->has_fingerprint(this->pubkey, encoding))
 {
 return ID_MATCH_PERFECT;
 }
diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c
index 1ddb64f8c6..559090aa01 100644
--- a/src/libstrongswan/plugins/x509/x509_cert.c
+++ b/src/libstrongswan/plugins/x509/x509_cert.c
@@ -1098,11 +1098,6 @@ static identification_t* get_issuer(private_x509_cert_t *this)
 return this->issuer;
 }
 
-/**
- * Forward declaration
- */
-static chunk_t get_subjectKeyIdentifier(private_x509_cert_t *this);
-
 /**
 * Implementation of certificate_t.has_subject.
 */
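Review bot: The certificate-hash comparison `if (chunk_equals(this->hash, encoding))` is the only one of the three new checks without a length guard; the SKI check right below tests `this->subjectKeyIdentifier.len`, and the parallel x509_cert.c hunk guards `this->encoding_hash.len`, so a hash that was never computed is treated differently by the two plugins. Unless chunk_equals() is known to reject empty chunks, write `if (this->hash.len && chunk_equals(this->hash, encoding))` to keep both implementations in step. A one-line comment above the block would also spare the next reader a lookup: `/* a key ID may name the certificate hash, the SKI extension or any fingerprint of the public key */`. has_subject() starts before this hunk and continues past it.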
@@ -1111,20 +1106,28 @@ static id_match_t has_subject(private_x509_cert_t *this, identification_t *subje
 identification_t *current;
 enumerator_t *enumerator;
 id_match_t match, best;
+ chunk_t encoding;
 
 if (subject->get_type(subject) == ID_KEY_ID)
 {
- chunk_t keyid = subject->get_encoding(subject);
+ encoding = subject->get_encoding(subject);
 
- if (this->encoding_hash.ptr && chunk_equals(this->encoding_hash, keyid))
+ if (this->encoding_hash.len &&
+ chunk_equals(this->encoding_hash, encoding))
 {
 return ID_MATCH_PERFECT;
 }
- if (chunk_equals(get_subjectKeyIdentifier(this), keyid))
+ if (this->subjectKeyIdentifier.len &&
+ chunk_equals(this->subjectKeyIdentifier, encoding))
 {
 return ID_MATCH_PERFECT;
 }
- }
+ if (this->public_key &&
+ this->public_key->has_fingerprint(this->public_key, encoding))
+ {
+ return ID_MATCH_PERFECT;
+ }
+ }
 best = this->subject->matches(this->subject, subject);
 enumerator = this->subjectAltNames->create_enumerator(this->subjectAltNames);
 while (enumerator->enumerate(enumerator, ¤t))
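Review bot: Reading `this->subjectKeyIdentifier` directly instead of calling `get_subjectKeyIdentifier(this)` presumes the field is already filled in when the certificate is parsed; the forward declaration dropped in the previous hunk suggests that helper did more than return the field (it may have derived an identifier for certificates that carry no SKI extension), and if so such certificates now match a key ID only through the new `has_fingerprint` check. Worth confirming that the fingerprint types the public key answers for cover whatever the helper used to return, otherwise the set of accepted key IDs silently shrinks for those certificates. The switch from `.ptr` to `.len` on `encoding_hash` matches the new SKI guard and reads better. has_subject() begins before this hunk and continues after it.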