From: Martin Willi <martin@revosec.ch>
Date: Tue, 1 Feb 2011 08:24:42 +0000 (+0100)
Subject: Add missing AUTH_RULE for trusted self-signed peer certificates
X-Git-Tag: 4.5.1~82
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a846bf06e8a327387047e3cbcb6993010f45426c;p=thirdparty%2Fstrongswan.git

Add missing AUTH_RULE for trusted self-signed peer certificates
---

diff --git a/src/libstrongswan/credentials/credential_manager.c b/src/libstrongswan/credentials/credential_manager.c
index 91ed3cfb46..27b97eab33 100644
--- a/src/libstrongswan/credentials/credential_manager.c
+++ b/src/libstrongswan/credentials/credential_manager.c
@@ -716,6 +716,11 @@ METHOD(enumerator_t, trusted_enumerate, bool,
 				DBG1(DBG_CFG, "  using trusted certificate \"%Y\"",
 					 this->pretrusted->get_subject(this->pretrusted));
 				*cert = this->pretrusted;
+				if (!this->auth->get(this->auth, AUTH_RULE_SUBJECT_CERT))
+				{	/* add cert to auth info, if not returned by trustchain */
+					this->auth->add(this->auth, AUTH_RULE_SUBJECT_CERT,
+									this->pretrusted->get_ref(this->pretrusted));
+				}
 				if (auth)
 				{
 					*auth = this->auth;