certificate_t *cert;
private_key_t *private = NULL;
auth_cfg_t *trustchain;
+ auth_rule_t rule;
/* check if this is a lookup by key ID, and do it if so */
if (id && id->get_type(id) == ID_KEY_ID)
if (auth)
{
- /* if a specific certificate is preferred, check for a matching key */
+ /* try to find a trustchain with one of the configured subject certs */
+ enumerator = auth->create_enumerator(auth);
+ while (enumerator->enumerate(enumerator, &rule, &cert))
+ {
+ if (rule == AUTH_RULE_SUBJECT_CERT)
+ {
+ private = get_private_by_cert(this, cert, type);
+ if (private)
+ {
+ trustchain = build_trustchain(this, cert, auth);
+ if (trustchain)
+ {
+ auth->merge(auth, trustchain, FALSE);
+ trustchain->destroy(trustchain);
+ break;
+ }
+ private->destroy(private);
+ private = NULL;
+ }
+ }
+ }
+ enumerator->destroy(enumerator);
+ if (private)
+ {
+ return private;
+ }
+
+ /* if none yielded a trustchain, enforce the first configured cert */
cert = auth->get(auth, AUTH_RULE_SUBJECT_CERT);
if (cert)
{
projects / thirdparty / strongswan.git / commitdiff
