From e16a01a5e656c3adb560a881ef454340756cdf8a Mon Sep 17 00:00:00 2001 From: Andreas Steffen Date: Tue, 22 Dec 2009 13:18:27 +0100 Subject: [PATCH] X509_IP_ADDR_BLOCKS flag signals the presence of an ipAddrBlock certificate extension --- src/libstrongswan/credentials/certificates/x509.h | 14 ++++++++------ src/libstrongswan/plugins/x509/x509_cert.c | 3 ++- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/src/libstrongswan/credentials/certificates/x509.h b/src/libstrongswan/credentials/certificates/x509.h index 37c59a963d..ebe660d59d 100644 --- a/src/libstrongswan/credentials/certificates/x509.h +++ b/src/libstrongswan/credentials/certificates/x509.h @@ -35,17 +35,19 @@ typedef enum x509_flag_t x509_flag_t; */ enum x509_flag_t { /** cert has no constraints */ - X509_NONE = 0, + X509_NONE = 0, /** cert has CA constraint */ - X509_CA = (1<<0), + X509_CA = (1<<0), /** cert has AA constraint */ - X509_AA = (1<<1), + X509_AA = (1<<1), /** cert has OCSP signer constraint */ - X509_OCSP_SIGNER = (1<<2), + X509_OCSP_SIGNER = (1<<2), /** cert has serverAuth constraint */ - X509_SERVER_AUTH = (1<<3), + X509_SERVER_AUTH = (1<<3), /** cert is self-signed */ - X509_SELF_SIGNED = (1<<4), + X509_SELF_SIGNED = (1<<4), + /** cert has an ipAddrBlocks extension */ + X509_IP_ADDR_BLOCKS = (1<<5), }; /** diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c index c3c377d089..dee056d5d3 100644 --- a/src/libstrongswan/plugins/x509/x509_cert.c +++ b/src/libstrongswan/plugins/x509/x509_cert.c @@ -803,7 +803,8 @@ static void parse_ipAddrBlocks(chunk_t blob, int level0, break; } } - + this->flags |= X509_IP_ADDR_BLOCKS; + end: parser->destroy(parser); } -- 2.47.3