From: Martin Willi
Date: Wed, 15 Dec 2010 15:42:30 +0000 (+0100)
Subject: Slightly renamed X509_NO_PATH_LEN_CONSTRAINT to use it for PolicyConstraints, too
X-Git-Tag: 4.5.1~184
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5dba5852fcaa965cfc0adb0c2a756814af2c1885;p=thirdparty%2Fstrongswan.git

Slightly renamed X509_NO_PATH_LEN_CONSTRAINT to use it for PolicyConstraints, too
---
diff --git a/src/libcharon/plugins/stroke/stroke_list.c b/src/libcharon/plugins/stroke/stroke_list.c
index b4b5130732..375ea38330 100644
--- a/src/libcharon/plugins/stroke/stroke_list.c
+++ b/src/libcharon/plugins/stroke/stroke_list.c
@@ -835,7 +835,7 @@ static void stroke_list_certs(linked_list_t *list, char *label,
 /* list optional pathLenConstraint */
 pathlen = x509->get_pathLenConstraint(x509);
- if (pathlen != X509_NO_PATH_LEN_CONSTRAINT)
+ if (pathlen != X509_NO_CONSTRAINT)
 {
 fprintf(out, " pathlen: %d\n", pathlen);
 }
diff --git a/src/libstrongswan/credentials/certificates/x509.h b/src/libstrongswan/credentials/certificates/x509.h
index b0f361edb3..d620bbde89 100644
--- a/src/libstrongswan/credentials/certificates/x509.h
+++ b/src/libstrongswan/credentials/certificates/x509.h
@@ -24,7 +24,7 @@
 #include
 #include
-#define X509_NO_PATH_LEN_CONSTRAINT -1
+#define X509_NO_CONSTRAINT -1
 typedef struct x509_t x509_t;
 typedef struct x509_cert_policy_t x509_cert_policy_t;
diff --git a/src/libstrongswan/plugins/constraints/constraints_validator.c b/src/libstrongswan/plugins/constraints/constraints_validator.c
index bab2535c17..a52f37a1cb 100644
--- a/src/libstrongswan/plugins/constraints/constraints_validator.c
+++ b/src/libstrongswan/plugins/constraints/constraints_validator.c
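Review bot: The renamed sentinel in x509.h, `#define X509_NO_CONSTRAINT -1`, carries no comment, although the commit title says it will now mark an absent PolicyConstraints value as well as an absent pathLenConstraint. I would document it in place, for example `/** returned by constraint getters when the certificate carries no such constraint; compare against it before using the value as a limit */`, and parenthesize the value as `#define X509_NO_CONSTRAINT (-1)`. The validators touched by this commit (check_pathlen, verify_x509cert, valid_ocsp_response) all test the sentinel before the `>` comparison, and a future PolicyConstraints check needs the same guard, because which way an unguarded comparison fails depends on how that check is written.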
@@ -39,7 +39,7 @@ static bool check_pathlen(x509_t *issuer, int pathlen)
 int pathlen_constraint;
 pathlen_constraint = issuer->get_pathLenConstraint(issuer);
- if (pathlen_constraint != X509_NO_PATH_LEN_CONSTRAINT &&
+ if (pathlen_constraint != X509_NO_CONSTRAINT &&
 pathlen > pathlen_constraint)
 {
 DBG1(DBG_CFG, "path length of %d violates constraint of %d",
diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c
index 6ffe08f6e0..7b6ac121fb 100644
--- a/src/libstrongswan/plugins/openssl/openssl_x509.c
+++ b/src/libstrongswan/plugins/openssl/openssl_x509.c
@@ -581,7 +581,7 @@ static private_openssl_x509_t *create_empty()
 .issuerAltNames = linked_list_create(),
 .crl_uris = linked_list_create(),
 .ocsp_uris = linked_list_create(),
- .pathlen = X509_NO_PATH_LEN_CONSTRAINT,
+ .pathlen = X509_NO_CONSTRAINT,
 .ref = 1,
 );
diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c
index f794183828..4f6cdaa4bb 100644
--- a/src/libstrongswan/plugins/x509/x509_cert.c
+++ b/src/libstrongswan/plugins/x509/x509_cert.c
@@ -1800,7 +1800,7 @@ static private_x509_cert_t* create_empty(void)
 .excluded_names = linked_list_create(),
 .cert_policies = linked_list_create(),
 .policy_mappings = linked_list_create(),
- .pathLenConstraint = X509_NO_PATH_LEN_CONSTRAINT,
+ .pathLenConstraint = X509_NO_CONSTRAINT,
 .ref = 1,
 );
 return this;
@@ -1997,7 +1997,7 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert,
 {
 chunk_t pathLenConstraint = chunk_empty;
- if (cert->pathLenConstraint != X509_NO_PATH_LEN_CONSTRAINT)
+ if (cert->pathLenConstraint != X509_NO_CONSTRAINT)
 {
 char pathlen = (char)cert->pathLenConstraint;
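Review bot: In generate() (x509_cert.c, hunk at -1997) the guarded value is narrowed with `char pathlen = (char)cert->pathLenConstraint;`, and that cast is only lossless because x509_cert_gen limits the field to 0..127 in a different function. A comment on the cast, such as `/* x509_cert_gen() restricts pathLenConstraint to 0..127, so the cast cannot truncate */`, would keep the two places in step. If any other code path can set the field, which is not visible here, the range should be re-checked before the value is encoded. The body of generate() continues outside the hunk.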
@@ -2361,7 +2361,7 @@ x509_cert_t *x509_cert_gen(certificate_type_t type, va_list args)
 cert->pathLenConstraint = va_arg(args, int);
 if (cert->pathLenConstraint < 0 || cert->pathLenConstraint > 127)
 {
- cert->pathLenConstraint = X509_NO_PATH_LEN_CONSTRAINT;
+ cert->pathLenConstraint = X509_NO_CONSTRAINT;
 }
 continue;
 case BUILD_PERMITTED_NAME_CONSTRAINTS:
diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c
index 62fe0185da..e290159817 100644
--- a/src/pki/commands/issue.c
+++ b/src/pki/commands/issue.c
@@ -59,7 +59,7 @@ static int issue()
 identification_t *id = NULL, *crl_issuer = NULL;;
 linked_list_t *san, *cdps, *ocsp, *permitted, *excluded, *policies, *mappings;
 int lifetime = 1095;
- int pathlen = X509_NO_PATH_LEN_CONSTRAINT;
+ int pathlen = X509_NO_CONSTRAINT;
 chunk_t serial = chunk_empty;
 chunk_t encoding = chunk_empty;
 time_t not_before, not_after;
diff --git a/src/pki/commands/print.c b/src/pki/commands/print.c
index 23fb644e19..dd17a0ab85 100644
--- a/src/pki/commands/print.c
+++ b/src/pki/commands/print.c
@@ -176,7 +176,7 @@ static void print_x509(x509_t *x509)
 enumerator->destroy(enumerator);
 len = x509->get_pathLenConstraint(x509);
- if (len != X509_NO_PATH_LEN_CONSTRAINT)
+ if (len != X509_NO_CONSTRAINT)
 {
 printf("pathlen: %d\n", len);
 }
diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c
index 134231dcad..72ade49467 100644
--- a/src/pki/commands/self.c
+++ b/src/pki/commands/self.c
@@ -56,7 +56,7 @@ static int self()
 identification_t *id = NULL;
 linked_list_t *san, *ocsp, *permitted, *excluded, *policies, *mappings;
 int lifetime = 1095;
- int pathlen = X509_NO_PATH_LEN_CONSTRAINT;
+ int pathlen = X509_NO_CONSTRAINT;
 chunk_t serial = chunk_empty;
 chunk_t encoding = chunk_empty;
 time_t not_before, not_after;
diff --git a/src/pluto/ocsp.c b/src/pluto/ocsp.c
index 8a351be6d4..85cc5e0f2b 100644
--- a/src/pluto/ocsp.c
+++ b/src/pluto/ocsp.c
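Review bot: In x509_cert_gen (hunk at -2361) a requested path length above 127 is silently replaced by `X509_NO_CONSTRAINT`, so the caller receives a CA certificate with no pathLenConstraint where it asked for a limit, which fails open. Negative input mapping to the sentinel looks intended, since the pki issue and self commands default to it, but the upper bound should be rejected or at least reported, e.g. `DBG1(DBG_LIB, "pathlen %d out of range, issuing without constraint", cert->pathLenConstraint);` before the assignment. The function's error path lies outside the hunk, so whether the build can be aborted at this point needs checking against the full body.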
@@ -1046,7 +1046,7 @@ static bool valid_ocsp_response(response_t *res)
 /* check path length constraint */
 pathlen_constraint = x509->get_pathLenConstraint(x509);
- if (pathlen_constraint != X509_NO_PATH_LEN_CONSTRAINT &&
+ if (pathlen_constraint != X509_NO_CONSTRAINT &&
 pathlen > pathlen_constraint)
 {
 plog("path length of %d violates constraint of %d",
diff --git a/src/pluto/x509.c b/src/pluto/x509.c
index d717beb15b..d821c9b799 100644
--- a/src/pluto/x509.c
+++ b/src/pluto/x509.c
@@ -256,7 +256,7 @@ bool verify_x509cert(cert_t *cert, bool strict, time_t *until)
 /* check path length constraint */
 pathlen_constraint = x509->get_pathLenConstraint(x509);
- if (pathlen_constraint != X509_NO_PATH_LEN_CONSTRAINT &&
+ if (pathlen_constraint != X509_NO_CONSTRAINT &&
 pathlen > pathlen_constraint)
 {
 plog("path length of %d violates constraint of %d",
@@ -451,7 +451,7 @@ void list_x509cert_chain(const char *caption, cert_t* cert,
 /* list optional pathLenConstraint */
 pathlen = x509->get_pathLenConstraint(x509);
- if (pathlen != X509_NO_PATH_LEN_CONSTRAINT)
+ if (pathlen != X509_NO_CONSTRAINT)
 {
 whack_log(RC_COMMENT, " pathlen: %d", pathlen);
 }