static certificate_t *get_trusted_cert(private_credential_manager_t *this,
key_type_t type, identification_t *id,
auth_info_t *auth, bool crl, bool ocsp);
-/**
- * return null ;-)
- */
-static void *return_null()
-{
- return NULL;
-}
/**
* credential_set_t implementation around an OCSP response
{
certificate_t *sub = (certificate_t*)subject;
certificate_t *best_cert = NULL;
+ certificate_t *cert;
+ public_key_t *public;
cert_validation_t valid = VALIDATION_SKIPPED;
identification_t *keyid = NULL;
bool stale = TRUE;
/* derive the authorityKeyIdentifier from the issuer's public key */
+ cert = &issuer->interface;
+ public = cert->get_public_key(cert);
+ if (public)
{
- certificate_t *cert = &issuer->interface;
- public_key_t *public = cert->get_public_key(cert);
-
- if (public)
- {
- keyid = public->get_id(public, ID_PUBKEY_SHA1);
- public->destroy(public);
- }
+ keyid = public->get_id(public, ID_PUBKEY_SHA1);
}
-
+
/* find a cached ocsp response by authorityKeyIdentifier */
if (keyid)
{
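Review bot: Nothing at `keyid = public->get_id(public, ID_PUBKEY_SHA1);` records why `public` is no longer destroyed right there, so a later cleanup could easily move the destroy back next to it. Judging from the change, `keyid` is presumably owned by the key object and dangles once the key is destroyed; a comment such as `/* keyid is owned by public: keep the key until the cache lookup is done */` above the assignment would document that. Resetting `keyid = NULL;` next to the later `DESTROY_IF(public);` would also make any use past that point fail visibly, since the rest of the function is outside the hunk. The same applies to the CRL variant further down, which derives `keyid` the same way.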
}
enumerator->destroy(enumerator);
}
+ DESTROY_IF(public);
/* if we have an ocsp response, check the revocation status */
if (best_cert)
}
best_cert->destroy(best_cert);
}
-
+
if (auth)
{
auth->add_item(auth, AUTHZ_OCSP_VALIDATION, &valid);
{
identification_t *keyid = NULL;
certificate_t *best_cert = NULL;
+ certificate_t *cert;
+ public_key_t *public;
cert_validation_t valid = VALIDATION_SKIPPED;
bool stale = TRUE;
/* derive the authorityKeyIdentifier from the issuer's public key */
+ cert = &issuer->interface;
+ public = cert->get_public_key(cert);
+ if (public)
{
- certificate_t *cert = &issuer->interface;
- public_key_t *public = cert->get_public_key(cert);
-
- if (public)
- {
- keyid = public->get_id(public, ID_PUBKEY_SHA1);
- public->destroy(public);
- }
+ keyid = public->get_id(public, ID_PUBKEY_SHA1);
}
/* find a cached crl by authorityKeyIdentifier */
}
enumerator->destroy(enumerator);
}
+ DESTROY_IF(public);
/* if we have a crl, check the revocation status */
if (best_cert)
switch (check_ocsp(this, (x509_t*)subject, (x509_t*)issuer, auth))
{
case VALIDATION_GOOD:
- DBG1(DBG_CFG, "certificate status is good",
- subject->get_subject(subject));
+ DBG1(DBG_CFG, "certificate status is good");
return TRUE;
case VALIDATION_REVOKED:
/* has already been logged */
{
case VALIDATION_GOOD:
DBG1(DBG_CFG, "certificate status is good");
- break;
+ return TRUE;
case VALIDATION_REVOKED:
/* has already been logged */
- break;
+ return FALSE;
case VALIDATION_UNKNOWN:
DBG1(DBG_CFG, "certificate status is unknown");
break;
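Review bot: `case VALIDATION_UNKNOWN:` still leaves the switch with `break`, while the good and revoked cases now return directly, and the hunk does not show what the function returns for the remaining outcomes. For a revocation check this decides whether a certificate whose status could not be established is accepted or rejected, so the policy should be stated where it is applied, e.g. `/* status unknown: result is decided after the switch */` on that case and a short comment at the final return. The switch and the function body continue outside the hunk, so whether a `default:` label exists cannot be seen from here.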