[svn-upgrade] Integrating new upstream version, strongswan (4.1.4)

2 files changed, 21 insertions, 9 deletions

diff --git a/src/charon/config/credentials/local_credential_store.c b/src/charon/config/credentials/local_credential_store.c
index 6964345b3..649fcbcfb 100644
--- a/src/charon/config/credentials/local_credential_store.c
+++ b/src/charon/config/credentials/local_credential_store.c
@@ -456,7 +456,10 @@ static void add_uris(ca_info_t *issuer, x509_t *cert)
 	
 	while (iterator->iterate(iterator, (void**)&uri))
 	{
-		issuer->add_crluri(issuer, uri->get_encoding(uri));
+		if (uri->get_type(uri) == ID_DER_ASN1_GN_URI)
+		{
+			issuer->add_crluri(issuer, uri->get_encoding(uri));
+		}
 	}
 	iterator->destroy(iterator);
 
@@ -465,7 +468,10 @@ static void add_uris(ca_info_t *issuer, x509_t *cert)
 	
 	while (iterator->iterate(iterator, (void**)&uri))
 	{
-		issuer->add_ocspuri(issuer, uri->get_encoding(uri));
+		if (uri->get_type(uri) == ID_DER_ASN1_GN_URI)
+		{
+			issuer->add_ocspuri(issuer, uri->get_encoding(uri));
+		}
 	}
 	iterator->destroy(iterator);
 }
diff --git a/src/charon/config/traffic_selector.c b/src/charon/config/traffic_selector.c
index b399074d1..da39c434d 100644
--- a/src/charon/config/traffic_selector.c
+++ b/src/charon/config/traffic_selector.c
@@ -175,6 +175,7 @@ static int print(FILE *stream, const struct printf_info *info,
 	bool has_proto;
 	bool has_ports;
 	size_t written = 0;
+	u_int32_t from[4], to[4];
 	
 	if (this == NULL)
 	{
@@ -193,7 +194,11 @@ static int print(FILE *stream, const struct printf_info *info,
 		return written;
 	}
 	
-	if (this->dynamic)
+	memset(from, 0, sizeof(from));
+	memset(to, 0xFF, sizeof(to));
+	if (this->dynamic &&
+		memeq(this->from, from, this->type == TS_IPV4_ADDR_RANGE ? 4 : 16) && 
+		memeq(this->to, to, this->type == TS_IPV4_ADDR_RANGE ? 4 : 16))
 	{
 		return fprintf(stream, "dynamic/%d",
 					   this->type == TS_IPV4_ADDR_RANGE ? 32 : 128);
@@ -341,6 +346,7 @@ static traffic_selector_t *get_subset(private_traffic_selector_t *this, private_
 		/* we have a match in protocol, port, and address: return it... */
 		new_ts = traffic_selector_create(protocol, this->type, from_port, to_port);
 		new_ts->type = this->type;
+		new_ts->dynamic = this->dynamic || other->dynamic;
 		memcpy(new_ts->from, from, size);
 		memcpy(new_ts->to, to, size);
 		
@@ -475,11 +481,6 @@ static u_int8_t get_protocol(private_traffic_selector_t *this)
  */
 static bool is_host(private_traffic_selector_t *this, host_t *host)
 {
-	if (this->dynamic)
-	{
-		return TRUE;
-	}
-
 	if (host)
 	{
 		chunk_t addr;
@@ -498,7 +499,12 @@ static bool is_host(private_traffic_selector_t *this, host_t *host)
 	}
 	else
 	{
-		size_t length =  (this->type == TS_IPV4_ADDR_RANGE) ? 4 : 16;
+		size_t length = (this->type == TS_IPV4_ADDR_RANGE) ? 4 : 16;
+		
+		if (this->dynamic)
+		{
+			return TRUE;
+		}
 		
 		if (memeq(this->from, this->to, length))
 		{