Make cert_validator_t.validate optional to implement

diff --git a/src/libstrongswan/credentials/cert_validator.h b/src/libstrongswan/credentials/cert_validator.h
index 00e30d7a0efe2ea2200f88b2715e268515cf060d..effc6b0d6576e7022b704dba6585240f96259ebe 100644 (file)
--- a/src/libstrongswan/credentials/cert_validator.h
+++ b/src/libstrongswan/credentials/cert_validator.h
@@ -43,6 +43,7 @@ struct cert_validator_t {
         * @param pathlen               the current length of the path bottom-up
         * @param anchor                is issuer trusted root anchor
         * @param auth                  container for resulting authentication info
+        * @return                              TRUE if subject certificate valid
         */
        bool (*validate)(cert_validator_t *this, certificate_t *subject,
                                         certificate_t *issuer, bool online, u_int pathlen,

diff --git a/src/libstrongswan/credentials/credential_manager.c b/src/libstrongswan/credentials/credential_manager.c
index 9e40c5a1075c90500ca2c5d10d8fefb21e784b50..a427b57fb79164ecb1ca6200a9e56bf55f3bd753 100644 (file)
--- a/src/libstrongswan/credentials/credential_manager.c
+++ b/src/libstrongswan/credentials/credential_manager.c
@@ -541,6 +541,10 @@ static bool check_certificate(private_credential_manager_t *this,
        enumerator = this->validators->create_enumerator(this->validators);
        while (enumerator->enumerate(enumerator, &validator))
        {
+               if (!validator->validate)
+               {
+                       continue;
+               }
                if (!validator->validate(validator, subject, issuer,
                                                                 online, pathlen, trusted, auth))
                {