From: Andreas Steffen Date: Sun, 20 Dec 2009 18:26:28 +0000 (+0100) Subject: parse RFC 3779 addressFamily X-Git-Tag: 4.3.6~92 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=513eb95e605549cf440e78cffff0790b365a762e;p=thirdparty%2Fstrongswan.git parse RFC 3779 addressFamily --- diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c index 839d102c39..f2f7db4dcf 100644 --- a/src/libstrongswan/plugins/x509/x509_cert.c +++ b/src/libstrongswan/plugins/x509/x509_cert.c @@ -127,7 +127,7 @@ struct private_x509_cert_t { linked_list_t *ocsp_uris; /** - * List of ipAddrBlocks as ??? + * List of ipAddrBlocks as traffic_selector_t */ linked_list_t *ipAddrBlocks; @@ -674,7 +674,7 @@ static void parse_crlDistributionPoints(chunk_t blob, int level0, static const asn1Object_t ipAddrBlocksObjects[] = { { 0, "ipAddrBlocks", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ { 1, "ipAddressFamily", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */ - { 2, "addressFamily", ASN1_OCTET_STRING, ASN1_OBJ }, /* 2 */ + { 2, "addressFamily", ASN1_OCTET_STRING, ASN1_BODY }, /* 2 */ { 2, "inherit", ASN1_NULL, ASN1_OPT|ASN1_NONE }, /* 3 */ { 2, "end choice", ASN1_EOC, ASN1_END }, /* 4 */ { 2, "addressesOrRanges", ASN1_SEQUENCE, ASN1_OPT|ASN1_LOOP }, /* 5 */ @@ -700,6 +700,7 @@ static void parse_ipAddrBlocks(chunk_t blob, int level0, asn1_parser_t *parser; chunk_t object; int objectID; + ts_type_t ts_type; parser = asn1_parser_create(ipAddrBlocksObjects, blob); parser->set_top_level(parser, level0); @@ -709,6 +710,19 @@ static void parse_ipAddrBlocks(chunk_t blob, int level0, switch (objectID) { case IP_ADDR_BLOCKS_FAMILY: + ts_type = 0; + if (object.len == 2 && object.ptr[0] == 0) + { + if (object.ptr[1] == 1) + { + ts_type = TS_IPV4_ADDR_RANGE; + } + else if (object.ptr[1] == 2) + { + ts_type = TS_IPV6_ADDR_RANGE; + } + DBG2(" %N", ts_type_name, ts_type); + } break; case IP_ADDR_BLOCKS_INHERIT: DBG1("inherit choice is not supported");