From: Martin Willi
Date: Thu, 23 Dec 2010 10:54:17 +0000 (+0100)
Subject: Added support for CDPs to conftest
X-Git-Tag: 4.5.1~154
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=968e5e665b8703eb8ab9e009dbe0996b569954f5;p=thirdparty%2Fstrongswan.git
Added support for CDPs to conftest
---
diff --git a/src/conftest/conftest.c b/src/conftest/conftest.c
index 93b162f5b8..e21914811b 100644
--- a/src/conftest/conftest.c
+++ b/src/conftest/conftest.c
@@ -27,6 +27,7 @@
 #include "hooks/hook.h"
 #include
+#include
 /**
  * Conftest globals struct
@@ -220,6 +221,48 @@ static bool load_keys(settings_t *settings, char *dir)
 return TRUE;
 }
+/**
+ * Load certificate distribution points
+ */
+static void load_cdps(settings_t *settings)
+{
+ enumerator_t *enumerator;
+ identification_t *id;
+ char *ca, *uri, *section;
+ x509_t *x509;
+
+ enumerator = settings->create_section_enumerator(settings, "cdps");
+ while (enumerator->enumerate(enumerator, §ion))
+ {
+ if (!strncaseeq(section, "crl", strlen("crl")))
+ {
+ fprintf(stderr, "unknown cdp type '%s', ignored\n", section);
+ continue;
+ }
+
+ uri = settings->get_str(settings, "cdps.%s.uri", NULL, section);
+ ca = settings->get_str(settings, "cdps.%s.ca", NULL, section);
+ if (!ca || !uri)
+ {
+ fprintf(stderr, "cdp '%s' misses ca/uri, ignored\n", section);
+ continue;
+ }
+ x509 = lib->creds->create(lib->creds, CRED_CERTIFICATE,
+ CERT_X509, BUILD_FROM_FILE, ca, BUILD_END);
+ if (!x509)
+ {
+ fprintf(stderr, "loading cdp '%s' ca failed, ignored\n", section);
+ continue;
+ }
+ id = identification_create_from_encoding(ID_KEY_ID,
+ x509->get_subjectKeyIdentifier(x509));
+ conftest->creds->add_cdp(conftest->creds, CERT_X509_CRL, id, uri);
+ DESTROY_IF((certificate_t*)x509);
+ id->destroy(id);
+ }
+ enumerator->destroy(enumerator);
+}
+
 /**
  * Load configured hooks
  */
@@ -448,6 +491,7 @@ int main(int argc, char *argv[])
 {
 return 1;
 }
+ load_cdps(conftest->test);
 if (!load_hooks())
 {
 return 1;
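Review bot: Every failure path in `load_cdps()` (unknown type, missing `ca`/`uri`, CA certificate that fails to load) only prints to stderr and continues, and the function returns `void`, so the call added to `main()` in the last hunk cannot stop the run the way the `load_hooks()` check right after it does. A test configuration with a mistyped CDP entry therefore runs without that distribution point, and a scenario meant to exercise CRL-based revocation can produce its result for the wrong reason. Consider returning `bool` and aborting from `main()`, as sketched below; if skipping bad entries is intended, a comment on the function saying so would help. The doc comment could also name the expected keys, `cdps.<name>.uri` and `cdps.<name>.ca`, and that `<name>` must start with `crl`.

```c
static bool load_cdps(settings_t *settings)
{
	/* … unchanged: declarations … */
	bool success = TRUE;

	/* … unchanged: section enumeration and type check … */
		if (!ca || !uri)
		{
			fprintf(stderr, "cdp '%s' misses ca/uri\n", section);
			success = FALSE;
			continue;
		}
		/* … certificate load failure: likewise set success = FALSE … */
	/* … unchanged: add_cdp, per-entry cleanup … */
	enumerator->destroy(enumerator);
	return success;
}

/* in main(): */
	if (!load_cdps(conftest->test))
	{
		return 1;
	}
```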