From: Martin Willi
Date: Fri, 18 Jan 2013 10:25:17 +0000 (+0100)
Subject: After merging the used trustchain with config, move used certificate to front
X-Git-Tag: 5.0.3dr3~37^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=51dbcf649712f8cabe28a5628facb4741e101dc8;p=thirdparty%2Fstrongswan.git
After merging the used trustchain with config, move used certificate to front
---
diff --git a/src/libstrongswan/credentials/credential_manager.c b/src/libstrongswan/credentials/credential_manager.c
index 4bd2403f26..bb88fa88ed 100644
--- a/src/libstrongswan/credentials/credential_manager.c
+++ b/src/libstrongswan/credentials/credential_manager.c
@@ -1041,6 +1041,29 @@ static private_key_t *get_private_by_cert(private_credential_manager_t *this,
 return private;
 }
+/**
+ * Move the actually used certificate to front, so it gets returned with get()
+ */
+static void prefer_cert(auth_cfg_t *auth, certificate_t *cert)
+{
+ enumerator_t *enumerator;
+ auth_rule_t rule;
+ certificate_t *current;
+
+ enumerator = auth->create_enumerator(auth);
+ while (enumerator->enumerate(enumerator, &rule, ¤t))
+ {
+ if (rule == AUTH_RULE_SUBJECT_CERT)
+ {
+ current->get_ref(current);
+ auth->replace(auth, enumerator, AUTH_RULE_SUBJECT_CERT, cert);
+ cert = current;
+ }
+ }
+ enumerator->destroy(enumerator);
+ auth->add(auth, AUTH_RULE_SUBJECT_CERT, cert);
+}
+
 METHOD(credential_manager_t, get_private, private_key_t*,
 private_credential_manager_t *this, key_type_t type, identification_t *id, auth_cfg_t *auth)
@@ -1076,6 +1099,7 @@ METHOD(credential_manager_t, get_private, private_key_t*,
 if (trustchain)
 {
 auth->merge(auth, trustchain, FALSE);
+ prefer_cert(auth, cert->get_ref(cert));
 trustchain->destroy(trustchain);
 break;
 }
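Review bot: The doc comment on `prefer_cert()` does not say that the function takes over the caller's reference to `cert`; that is only visible from the call site passing `cert->get_ref(cert)` and from `replace()`/`add()` receiving the pointer with no further `get_ref()`. I would add `@param cert  certificate to move to front, reference gets owned by auth` to the comment, and put `/* hold our own ref: replace() presumably releases the entry it overwrites */` above `current->get_ref(current);`, because a miscounted reference in this rotation ends in a leaked or prematurely freed certificate object. Separately, the loop shifts every existing AUTH_RULE_SUBJECT_CERT entry down by one slot and appends the last one, so if the merged config already contains the used certificate it will be listed twice afterwards; whether consumers that enumerate the rule tolerate that is not visible in this hunk and is worth confirming.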