From: Martin Willi <martin@revosec.ch>
Date: Thu, 15 Dec 2011 10:30:22 +0000 (+0100)
Subject: Stop checking once a key size constraint is not fulfilled
X-Git-Tag: 5.0.0~338^2~9^2~200
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=fd2a491b31c505c4ab4cb6e9d2f36c6407fbe03d;p=thirdparty%2Fstrongswan.git

Stop checking once a key size constraint is not fulfilled
---

diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c
index 3420e3157b..e2cea0741a 100644
--- a/src/libstrongswan/credentials/auth_cfg.c
+++ b/src/libstrongswan/credentials/auth_cfg.c
@@ -537,6 +537,7 @@ METHOD(auth_cfg_t, complies, bool,
 									 "public keys, but %d bit key used",
 									 (uintptr_t)value, strength);
 							}
+							break;
 						}
 					}
 					else if (t2 == AUTH_RULE_RSA_STRENGTH)
@@ -547,6 +548,7 @@ METHOD(auth_cfg_t, complies, bool,
 							DBG1(DBG_CFG, "constraint requires %d bit ECDSA, "
 								 "but RSA used", (uintptr_t)value);
 						}
+						break;
 					}
 					else if (t2 == AUTH_RULE_ECDSA_STRENGTH)
 					{
@@ -556,6 +558,7 @@ METHOD(auth_cfg_t, complies, bool,
 							DBG1(DBG_CFG, "constraint requires %d bit RSA, "
 								 "but ECDSA used", (uintptr_t)value);
 						}
+						break;
 					}
 				}
 				e2->destroy(e2);