From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 3 May 2018 09:19:18 +0000 (+0200)
Subject: revocation: Set defaults if CRL/OCSP checking is disabled in config
X-Git-Tag: 5.6.3dr2~5^2~2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=cae43b890a4a23154f73c58112541de13ed9ee59;p=thirdparty%2Fstrongswan.git

revocation: Set defaults if CRL/OCSP checking is disabled in config
---

diff --git a/src/libstrongswan/plugins/revocation/revocation_validator.c b/src/libstrongswan/plugins/revocation/revocation_validator.c
index 1a7013b0f1..edb2f8074c 100644
--- a/src/libstrongswan/plugins/revocation/revocation_validator.c
+++ b/src/libstrongswan/plugins/revocation/revocation_validator.c
@@ -824,6 +824,10 @@ METHOD(cert_validator_t, validate, bool,
 					break;
 			}
 		}
+		else
+		{
+			auth->add(auth, AUTH_RULE_OCSP_VALIDATION, VALIDATION_SKIPPED);
+		}
 
 		if (this->enable_crl)
 		{
@@ -847,6 +851,11 @@ METHOD(cert_validator_t, validate, bool,
 					break;
 			}
 		}
+		else
+		{
+			auth->add(auth, AUTH_RULE_CRL_VALIDATION,
+					  auth->get(auth, AUTH_RULE_OCSP_VALIDATION));
+		}
 
 		lib->credmgr->call_hook(lib->credmgr, CRED_HOOK_VALIDATION_FAILED,
 								subject);