From: Martin Willi <martin@revosec.ch>
Date: Wed, 22 Dec 2010 10:49:16 +0000 (+0100)
Subject: Include subject cert to temporary auth info before completing trustchain
X-Git-Tag: 4.5.1~166
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8469625fdc6cf194c95f679c1bd5cd3960f375d0;p=thirdparty%2Fstrongswan.git

Include subject cert to temporary auth info before completing trustchain
---

diff --git a/src/libstrongswan/credentials/credential_manager.c b/src/libstrongswan/credentials/credential_manager.c
index 3cca0b2e8c..a3f9a53cb1 100644
--- a/src/libstrongswan/credentials/credential_manager.c
+++ b/src/libstrongswan/credentials/credential_manager.c
@@ -578,6 +578,7 @@ static bool verify_trust_chain(private_credential_manager_t *this,
 	auth = auth_cfg_create();
 	get_key_strength(subject, auth);
 	current = subject->get_ref(subject);
+	auth->add(auth, AUTH_RULE_SUBJECT_CERT, current->get_ref(current));
 
 	for (pathlen = 0; pathlen <= MAX_TRUST_PATH_LEN; pathlen++)
 	{
@@ -702,8 +703,6 @@ METHOD(enumerator_t, trusted_enumerate, bool,
 				verify_trust_chain(this->this, this->pretrusted, this->auth,
 								   TRUE, this->online))
 			{
-				this->auth->add(this->auth, AUTH_RULE_SUBJECT_CERT,
-								this->pretrusted->get_ref(this->pretrusted));
 				DBG1(DBG_CFG, "  using trusted certificate \"%Y\"",
 					 this->pretrusted->get_subject(this->pretrusted));
 				*cert = this->pretrusted;
@@ -729,8 +728,6 @@ METHOD(enumerator_t, trusted_enumerate, bool,
 		if (verify_trust_chain(this->this, current, this->auth, FALSE,
 							   this->online))
 		{
-			this->auth->add(this->auth, AUTH_RULE_SUBJECT_CERT,
-							current->get_ref(current));
 			*cert = current;
 			if (auth)
 			{