ENUM(auth_item_names, AUTHN_CA_CERT, AUTHZ_AC_GROUP,
"AUTHN_CA_CERT",
+ "AUTHN_CA_CERT_KEYID",
"AUTHN_IM_CERT",
"AUTHN_SUBJECT_CERT",
"AUTHZ_PUBKEY",
item->value = method;
break;
}
+ case AUTHN_CA_CERT_KEYID:
case AUTHZ_AC_GROUP:
{
identification_t *id = (identification_t*)value;
{
switch (type)
{
+ case AUTHN_CA_CERT_KEYID:
case AUTHN_CA_CERT:
case AUTHN_IM_CERT:
case AUTHN_SUBJECT_CERT:
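Review bot: `case AUTHN_CA_CERT_KEYID:` is added to the label group shared with AUTHN_CA_CERT, AUTHN_IM_CERT and AUTHN_SUBJECT_CERT, but the case body lies outside the hunk, and those siblings carry a certificate_t* value while the new item carries an identification_t* (per the header comment this change adds). If that body handles the value as a certificate (get_ref, destroy, equals), the new label must instead join the AUTHZ_AC_GROUP identification handling, as the other two hunks in this change do; if the body only ignores the value, a short `/* value types differ here: KEYID carries an identification_t*, not a certificate_t* */` comment above the label would make the grouping safe to read. The enclosing switch and function start outside the hunk.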
free(item->value);
break;
}
+ case AUTHN_CA_CERT_KEYID:
case AUTHZ_AC_GROUP:
{
identification_t *id = (identification_t*)item->value;
/** CA certificate to use for authentication, value is certificate_t* */
AUTHN_CA_CERT,
+ /** Keyid of a CA certificate to use, value is identification_t* */
+ AUTHN_CA_CERT_KEYID,
/** intermediate certificate, value is certificate_t* */
AUTHN_IM_CERT,
/** certificate for trustchain verification, value is certificate_t* */
found = TRUE;
break;
}
+ if (type == AUTHN_CA_CERT_KEYID)
+ {
+ public_key_t *public;
+ identification_t *certid, *keyid;
+
+ public = cert->get_public_key(cert);
+ if (public)
+ {
+ keyid = (identification_t*)value;
+ certid = public->get_id(public, keyid->get_type(keyid));
+ if (certid && certid->equals(certid, keyid))
+ {
+ public->destroy(public);
+ found = TRUE;
+ break;
+ }
+ public->destroy(public);
+ }
+ }
}
enumerator->destroy(enumerator);
return found;
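Review bot: The two `public->destroy(public)` calls in the new branch can be folded so the comparison and the cleanup are not duplicated, e.g. `match = certid && certid->equals(certid, keyid); public->destroy(public); if (match) { found = TRUE; break; }` with a `bool match` declared next to `public`. The `get_id` line deserves a comment that `certid` is presumably owned by the key object and must not be destroyed here — confirm against public_key_t.get_id. Since the keyid item originates from a peer's certificate request (the later hunk adds it for ids that are not locally known), this comparison only establishes that `cert` carries the requested key id; whether `cert` comes from a trusted CA set is decided by the enumeration's source outside this hunk, so stating that requirement in the function's header comment would help. The enclosing function starts outside the hunk.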
cert->destroy(cert);
ca_found = TRUE;
}
+ else
+ {
+ DBG1(DBG_IKE, "received cert request of unknown cert "
+ "\"%D\"", id);
+ auth->add_item(auth, AUTHN_CA_CERT_KEYID, id);
+ }
id->destroy(id);
}
enumerator->destroy(enumerator);
}
}
iterator->destroy(iterator);
-
- if (this->ike_sa->has_condition(this->ike_sa, COND_CERTREQ_SEEN) && !ca_found)
- {
- DBG1(DBG_IKE, "received cert request, but no such CA cert found");
- }
}
/**