From: Martin Willi
Date: Thu, 23 Dec 2010 11:18:15 +0000 (+0100)
Subject: Provide CRLs received in CERT payloads to trustchain verification
X-Git-Tag: 4.5.1~152
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3a89b3c52fce8434ecf74ab3340ad95fbaa2eb5b;p=thirdparty%2Fstrongswan.git

Provide CRLs received in CERT payloads to trustchain verification
---
diff --git a/src/libcharon/encoding/payloads/cert_payload.c b/src/libcharon/encoding/payloads/cert_payload.c
index 814ec27267..c42cec6805 100644
--- a/src/libcharon/encoding/payloads/cert_payload.c
+++ b/src/libcharon/encoding/payloads/cert_payload.c
@@ -206,13 +206,21 @@ METHOD(cert_payload_t, get_cert_encoding, cert_encoding_t,
 METHOD(cert_payload_t, get_cert, certificate_t*,
 private_cert_payload_t *this)
 {
- if (this->encoding != ENC_X509_SIGNATURE)
+ int type;
+
+ switch (this->encoding)
 {
- return NULL;
+ case ENC_X509_SIGNATURE:
+ type = CERT_X509;
+ break;
+ case ENC_CRL:
+ type = CERT_X509_CRL;
+ break;
+ default:
+ return NULL;
 }
- return lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
- BUILD_BLOB_ASN1_DER, this->data,
- BUILD_END);
+ return lib->creds->create(lib->creds, CRED_CERTIFICATE, type,
+ BUILD_BLOB_ASN1_DER, this->data, BUILD_END);
 }
 
 METHOD(cert_payload_t, get_hash, chunk_t,
diff --git a/src/libcharon/sa/tasks/ike_cert_pre.c b/src/libcharon/sa/tasks/ike_cert_pre.c
index 1c0c547275..944637c117 100644
--- a/src/libcharon/sa/tasks/ike_cert_pre.c
+++ b/src/libcharon/sa/tasks/ike_cert_pre.c
@@ -253,11 +253,19 @@ static void process_certs(private_ike_cert_pre_t *this, message_t *message)
 }
 break;
 }
+ case ENC_CRL:
+ cert = cert_payload->get_cert(cert_payload);
+ if (cert)
+ {
+ DBG1(DBG_IKE, "received CRL \"%Y\"",
+ cert->get_subject(cert));
+ auth->add(auth, AUTH_HELPER_REVOCATION_CERT, cert);
+ }
+ break;
 case ENC_PKCS7_WRAPPED_X509:
 case ENC_PGP:
 case ENC_DNS_SIGNED_KEY:
 case ENC_KERBEROS_TOKEN:
- case ENC_CRL:
 case ENC_ARL:
 case ENC_SPKI:
 case ENC_X509_ATTRIBUTE:
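Review bot: get_cert() used to return NULL for every encoding except ENC_X509_SIGNATURE, and with the new `case ENC_CRL:` it can now hand back a CRL object, so a caller that does not first switch on get_cert_encoding() would treat peer-supplied CRL data as an X.509 certificate. The callers are outside this hunk and should be checked; a comment on the method such as `/* returns a CERT_X509_CRL for ENC_CRL payloads; check get_cert_encoding() or cert->get_type() before use */` would make the changed contract explicit. As a smaller point, `int type;` only ever holds certificate-type enum values, so `certificate_type_t type;` would let the compiler check the assignments and the argument passed to `lib->creds->create()`.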
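Review bot: The new `case ENC_CRL:` branch stores a CRL parsed straight from the peer's CERT payload with `auth->add(auth, AUTH_HELPER_REVOCATION_CERT, cert)`, and nothing visible in the hunk shows where its signature and freshness are checked. The peer chooses which CRL it sends, so the trustchain code (outside this hunk) has to validate it against the issuing CA and should not let a peer-supplied CRL take precedence over a newer one already known locally; that is worth confirming before merging. I would add a comment above the branch, e.g. `/* untrusted, peer-supplied CRL: helper only, must be verified during trustchain validation */`. process_certs() starts and ends outside the hunk, so whether the number of CRL payloads accepted per message is bounded cannot be judged from here.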