Imported Upstream version 5.1.0

13 files changed, 398 insertions, 57 deletions

diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c
index d2d0a7d72..2203519e2 100644
--- a/src/libstrongswan/credentials/auth_cfg.c
+++ b/src/libstrongswan/credentials/auth_cfg.c
@@ -18,7 +18,7 @@
 
 #include <library.h>
 #include <utils/debug.h>
-#include <collections/linked_list.h>
+#include <collections/array.h>
 #include <utils/identification.h>
 #include <eap/eap.h>
 #include <credentials/certificates/certificate.h>
@@ -109,9 +109,9 @@ struct private_auth_cfg_t {
 	auth_cfg_t public;
 
 	/**
-	 * list of entry_t
+	 * Array of entry_t
 	 */
-	linked_list_t *entries;
+	array_t *entries;
 };
 
 typedef struct entry_t entry_t;
@@ -184,18 +184,16 @@ METHOD(auth_cfg_t, create_enumerator, enumerator_t*,
 			.enumerate = (void*)enumerate,
 			.destroy = (void*)entry_enumerator_destroy,
 		},
-		.inner = this->entries->create_enumerator(this->entries),
+		.inner = array_create_enumerator(this->entries),
 	);
 	return &enumerator->public;
 }
 
 /**
- * Create an entry from the given arguments.
+ * Initialize an entry.
  */
-static entry_t *entry_create(auth_rule_t type, va_list args)
+static void init_entry(entry_t *this, auth_rule_t type, va_list args)
 {
-	entry_t *this = malloc_thing(entry_t);
-
 	this->type = type;
 	switch (type)
 	{
@@ -233,7 +231,6 @@ static entry_t *entry_create(auth_rule_t type, va_list args)
 			this->value = NULL;
 			break;
 	}
-	return this;
 }
 
 /**
@@ -481,21 +478,21 @@ METHOD(auth_cfg_t, get, void*,
  */
 static void add(private_auth_cfg_t *this, auth_rule_t type, ...)
 {
-	entry_t *entry;
+	entry_t entry;
 	va_list args;
 
 	va_start(args, type);
-	entry = entry_create(type, args);
+	init_entry(&entry, type, args);
 	va_end(args);
 
 	if (is_multi_value_rule(type))
 	{	/* insert rules that may occur multiple times at the end */
-		this->entries->insert_last(this->entries, entry);
+		array_insert(this->entries, ARRAY_TAIL, &entry);
 	}
 	else
 	{	/* insert rules we expect only once at the front (get() will return
 		 * the latest value) */
-		this->entries->insert_first(this->entries, entry);
+		array_insert(this->entries, ARRAY_HEAD, &entry);
 	}
 }
 
@@ -917,13 +914,13 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy
 	}
 	else
 	{
-		entry_t *entry;
+		entry_t entry;
 
-		while (other->entries->remove_first(other->entries,
-											(void**)&entry) == SUCCESS)
+		while (array_remove(other->entries, ARRAY_HEAD, &entry))
 		{
-			this->entries->insert_last(this->entries, entry);
+			array_insert(this->entries, ARRAY_TAIL, &entry);
 		}
+		array_compress(other->entries);
 	}
 }
 
@@ -938,12 +935,12 @@ static bool auth_cfg_equals(private_auth_cfg_t *this, private_auth_cfg_t *other)
 
 	/* the rule count does not have to be equal for the two, as we only compare
 	 * the first value found for some rules */
-	e1 = this->entries->create_enumerator(this->entries);
+	e1 = array_create_enumerator(this->entries);
 	while (e1->enumerate(e1, &i1))
 	{
 		found = FALSE;
 
-		e2 = other->entries->create_enumerator(other->entries);
+		e2 = array_create_enumerator(other->entries);
 		while (e2->enumerate(e2, &i2))
 		{
 			if (entry_equals(i1, i2))
@@ -984,27 +981,21 @@ static bool equals(private_auth_cfg_t *this, private_auth_cfg_t *other)
 METHOD(auth_cfg_t, purge, void,
 	private_auth_cfg_t *this, bool keep_ca)
 {
+	enumerator_t *enumerator;
 	entry_t *entry;
-	linked_list_t *cas;
 
-	cas = linked_list_create();
-	while (this->entries->remove_last(this->entries, (void**)&entry) == SUCCESS)
+	enumerator = array_create_enumerator(this->entries);
+	while (enumerator->enumerate(enumerator, &entry))
 	{
-		if (keep_ca && entry->type == AUTH_RULE_CA_CERT)
-		{
-			cas->insert_first(cas, entry);
-		}
-		else
+		if (!keep_ca || entry->type != AUTH_RULE_CA_CERT)
 		{
+			array_remove_at(this->entries, enumerator);
 			destroy_entry_value(entry);
-			free(entry);
 		}
 	}
-	while (cas->remove_last(cas, (void**)&entry) == SUCCESS)
-	{
-		this->entries->insert_first(this->entries, entry);
-	}
-	cas->destroy(cas);
+	enumerator->destroy(enumerator);
+
+	array_compress(this->entries);
 }
 
 METHOD(auth_cfg_t, clone_, auth_cfg_t*,
@@ -1074,7 +1065,7 @@ METHOD(auth_cfg_t, destroy, void,
 	private_auth_cfg_t *this)
 {
 	purge(this, FALSE);
-	this->entries->destroy(this->entries);
+	array_destroy(this->entries);
 	free(this);
 }
 
@@ -1098,7 +1089,7 @@ auth_cfg_t *auth_cfg_create()
 			.clone = _clone_,
 			.destroy = _destroy,
 		},
-		.entries = linked_list_create(),
+		.entries = array_create(sizeof(entry_t), 0),
 	);
 
 	return &this->public;
diff --git a/src/libstrongswan/credentials/builder.c b/src/libstrongswan/credentials/builder.c
index f5858382f..6710dfb54 100644
--- a/src/libstrongswan/credentials/builder.c
+++ b/src/libstrongswan/credentials/builder.c
@@ -24,6 +24,7 @@ ENUM(builder_part_names, BUILD_FROM_FILE, BUILD_END,
 	"BUILD_BLOB_PEM",
 	"BUILD_BLOB_PGP",
 	"BUILD_BLOB_DNSKEY",
+	"BUILD_BLOB_SSHKEY",
 	"BUILD_BLOB_ALGID_PARAMS",
 	"BUILD_KEY_SIZE",
 	"BUILD_SIGNING_KEY",
diff --git a/src/libstrongswan/credentials/builder.h b/src/libstrongswan/credentials/builder.h
index 740041aac..5ab462fa8 100644
--- a/src/libstrongswan/credentials/builder.h
+++ b/src/libstrongswan/credentials/builder.h
@@ -59,6 +59,8 @@ enum builder_part_t {
 	BUILD_BLOB_PGP,
 	/** DNS public key blob (RFC 4034, RSA specifc RFC 3110), chunk_t */
 	BUILD_BLOB_DNSKEY,
+	/** SSH public key blob (RFC 4253), chunk_t */
+	BUILD_BLOB_SSHKEY,
 	/** parameters from algorithmIdentifier (ASN.1 blob), chunk_t */
 	BUILD_BLOB_ALGID_PARAMS,
 	/** key size in bits, as used for key generation, u_int */
diff --git a/src/libstrongswan/credentials/cert_validator.h b/src/libstrongswan/credentials/cert_validator.h
index 325fa0af3..6b28f35c1 100644
--- a/src/libstrongswan/credentials/cert_validator.h
+++ b/src/libstrongswan/credentials/cert_validator.h
@@ -53,6 +53,9 @@ struct cert_validator_t {
 	/**
 	 * Validate a subject certificate in relation to its issuer.
 	 *
+	 * If FALSE is returned, the validator should call_hook() on the
+	 * credential manager with an appropriate type and the certificate.
+	 *
 	 * @param subject		subject certificate to check
 	 * @param issuer		issuer of subject
 	 * @param online		whether to do online revocation checking
diff --git a/src/libstrongswan/credentials/certificates/certificate.c b/src/libstrongswan/credentials/certificates/certificate.c
index bc4209ca7..b281c1669 100644
--- a/src/libstrongswan/credentials/certificates/certificate.c
+++ b/src/libstrongswan/credentials/certificates/certificate.c
@@ -18,7 +18,7 @@
 #include <utils/debug.h>
 #include <credentials/certificates/x509.h>
 
-ENUM(certificate_type_names, CERT_ANY, CERT_PLUTO_CRL,
+ENUM(certificate_type_names, CERT_ANY, CERT_GPG,
 	"ANY",
 	"X509",
 	"X509_CRL",
@@ -28,9 +28,6 @@ ENUM(certificate_type_names, CERT_ANY, CERT_PLUTO_CRL,
 	"TRUSTED_PUBKEY",
 	"PKCS10_REQUEST",
 	"PGP",
-	"PLUTO_CERT",
-	"PLUTO_AC",
-	"PLUTO_CRL",
 );
 
 ENUM(cert_validation_names, VALIDATION_GOOD, VALIDATION_REVOKED,
diff --git a/src/libstrongswan/credentials/certificates/certificate.h b/src/libstrongswan/credentials/certificates/certificate.h
index b7a88ffbd..d59126bd5 100644
--- a/src/libstrongswan/credentials/certificates/certificate.h
+++ b/src/libstrongswan/credentials/certificates/certificate.h
@@ -52,10 +52,6 @@ enum certificate_type_t {
 	CERT_PKCS10_REQUEST,
 	/** PGP certificate */
 	CERT_GPG,
-	/** Pluto cert_t (not a certificate_t), either x509 or PGP */
-	CERT_PLUTO_CERT,
-	/** Pluto x509crl_t (not a certificate_t), certificate revocation list */
-	CERT_PLUTO_CRL,
 };
 
 /**
diff --git a/src/libstrongswan/credentials/containers/container.c b/src/libstrongswan/credentials/containers/container.c
index d1e67b21b..7456d43db 100644
--- a/src/libstrongswan/credentials/containers/container.c
+++ b/src/libstrongswan/credentials/containers/container.c
@@ -15,9 +15,11 @@
 
 #include "container.h"
 
-ENUM(container_type_names, CONTAINER_PKCS7, CONTAINER_PKCS7_ENVELOPED_DATA,
+ENUM(container_type_names, CONTAINER_PKCS7, CONTAINER_PKCS12,
 	"PKCS7",
 	"PKCS7_DATA",
 	"PKCS7_SIGNED_DATA",
 	"PKCS7_ENVELOPED_DATA",
+	"PKCS7_ENCRYPTED_DATA",
+	"PKCS12",
 );
diff --git a/src/libstrongswan/credentials/containers/container.h b/src/libstrongswan/credentials/containers/container.h
index fc5c09041..ee329881d 100644
--- a/src/libstrongswan/credentials/containers/container.h
+++ b/src/libstrongswan/credentials/containers/container.h
@@ -1,4 +1,7 @@
 /*
+ * Copyright (C) 2013 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
  * Copyright (C) 2012 Martin Willi
  * Copyright (C) 2012 revosec AG
  *
@@ -31,14 +34,18 @@ typedef enum container_type_t container_type_t;
  * Type of the container.
  */
 enum container_type_t {
-	/** Any kind of PKCS7/CMS container */
+	/** Any kind of PKCS#7/CMS container */
 	CONTAINER_PKCS7,
-	/** PKCS7/CMS plain "data" */
+	/** PKCS#7/CMS plain "data" */
 	CONTAINER_PKCS7_DATA,
-	/** PKCS7/CMS "signed-data" */
+	/** PKCS#7/CMS "signed-data" */
 	CONTAINER_PKCS7_SIGNED_DATA,
-	/** PKCS7/CMS "enveloped-data" */
+	/** PKCS#7/CMS "enveloped-data" */
 	CONTAINER_PKCS7_ENVELOPED_DATA,
+	/** PKCS#7/CMS "encrypted-data" */
+	CONTAINER_PKCS7_ENCRYPTED_DATA,
+	/** A PKCS#12 container */
+	CONTAINER_PKCS12,
 };
 
 /**
diff --git a/src/libstrongswan/credentials/containers/pkcs12.c b/src/libstrongswan/credentials/containers/pkcs12.c
new file mode 100644
index 000000000..7b812d27d
--- /dev/null
+++ b/src/libstrongswan/credentials/containers/pkcs12.c
@@ -0,0 +1,173 @@
+/*
+ * Copyright (C) 2013 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "pkcs12.h"
+
+#include <utils/debug.h>
+
+/**
+ * v * ceiling(len/v)
+ */
+#define PKCS12_LEN(len, v) (((len) + v-1) & ~(v-1))
+
+/**
+ * Copy src to dst as many times as possible
+ */
+static inline void copy_chunk(chunk_t dst, chunk_t src)
+{
+	size_t i;
+
+	for (i = 0; i < dst.len; i++)
+	{
+		dst.ptr[i] = src.ptr[i % src.len];
+	}
+}
+
+/**
+ * Treat two chunks as integers in network order and add them together.
+ * The result is stored in the first chunk, if the second chunk is longer or the
+ * result overflows this is ignored.
+ */
+static void add_chunks(chunk_t a, chunk_t b)
+{
+	u_int16_t sum;
+	u_int8_t rem = 0;
+	ssize_t i, j;
+
+	for (i = a.len - 1, j = b.len -1; i >= 0 && j >= 0; i--, j--)
+	{
+		sum = a.ptr[i] + b.ptr[j] + rem;
+		a.ptr[i] = (u_char)sum;
+		rem = sum >> 8;
+	}
+	for (; i >= 0 && rem; i--)
+	{
+		sum = a.ptr[i] + rem;
+		a.ptr[i] = (u_char)sum;
+		rem = sum >> 8;
+	}
+}
+
+/**
+ * Do the actual key derivation with the given hasher, password and id.
+ */
+static bool derive_key(hash_algorithm_t hash, chunk_t unicode, chunk_t salt,
+					   u_int64_t iterations, char id, chunk_t result)
+{
+	chunk_t out = result, D, S, P = chunk_empty, I, Ai, B, Ij;
+	hasher_t *hasher;
+	size_t Slen, v, u;
+	u_int64_t i;
+	bool success = FALSE;
+
+	hasher = lib->crypto->create_hasher(lib->crypto, hash);
+	if (!hasher)
+	{
+		DBG1(DBG_ASN, "  %N hash algorithm not available",
+			 hash_algorithm_names, hash);
+		return  FALSE;
+	}
+	switch (hash)
+	{
+		case HASH_MD2:
+		case HASH_MD5:
+		case HASH_SHA1:
+		case HASH_SHA224:
+		case HASH_SHA256:
+			v = 64;
+			break;
+		case HASH_SHA384:
+		case HASH_SHA512:
+			v = 128;
+			break;
+		default:
+			goto end;
+	}
+	u = hasher->get_hash_size(hasher);
+
+	D = chunk_alloca(v);
+	memset(D.ptr, id, D.len);
+
+	Slen = PKCS12_LEN(salt.len, v);
+	I = chunk_alloca(Slen + PKCS12_LEN(unicode.len, v));
+	S = chunk_create(I.ptr, Slen);
+	P = chunk_create(I.ptr + Slen, I.len - Slen);
+	copy_chunk(S, salt);
+	copy_chunk(P, unicode);
+
+	Ai = chunk_alloca(u);
+	B = chunk_alloca(v);
+
+	while (TRUE)
+	{
+		if (!hasher->get_hash(hasher, D, NULL) ||
+			!hasher->get_hash(hasher, I, Ai.ptr))
+		{
+			goto end;
+		}
+		for (i = 1; i < iterations; i++)
+		{
+			if (!hasher->get_hash(hasher, Ai, Ai.ptr))
+			{
+				goto end;
+			}
+		}
+		memcpy(out.ptr, Ai.ptr, min(out.len, Ai.len));
+		out = chunk_skip(out, Ai.len);
+		if (!out.len)
+		{
+			break;
+		}
+		copy_chunk(B, Ai);
+		/* B = B+1 */
+		add_chunks(B, chunk_from_chars(0x01));
+		Ij = chunk_create(I.ptr, v);
+		for (i = 0; i < I.len; i += v, Ij.ptr += v)
+		{	/* Ij = Ij + B + 1 */
+			add_chunks(Ij, B);
+		}
+	}
+	success = TRUE;
+end:
+	hasher->destroy(hasher);
+	return success;
+}
+
+/*
+ * Described in header
+ */
+bool pkcs12_derive_key(hash_algorithm_t hash, chunk_t password, chunk_t salt,
+					   u_int64_t iterations, pkcs12_key_type_t type, chunk_t key)
+{
+	chunk_t unicode = chunk_empty;
+	bool success;
+	int i;
+
+	if (password.len)
+	{	/* convert the password to UTF-16BE (without BOM) with 0 terminator */
+		unicode = chunk_alloca(password.len * 2 + 2);
+		for (i = 0; i < password.len; i++)
+		{
+			unicode.ptr[i * 2] = 0;
+			unicode.ptr[i * 2 + 1] = password.ptr[i];
+		}
+		unicode.ptr[i * 2] = 0;
+		unicode.ptr[i * 2 + 1] = 0;
+	}
+
+	success = derive_key(hash, unicode, salt, iterations, type, key);
+	memwipe(unicode.ptr, unicode.len);
+	return success;
+}
diff --git a/src/libstrongswan/credentials/containers/pkcs12.h b/src/libstrongswan/credentials/containers/pkcs12.h
new file mode 100644
index 000000000..f22ef045a
--- /dev/null
+++ b/src/libstrongswan/credentials/containers/pkcs12.h
@@ -0,0 +1,78 @@
+/*
+ * Copyright (C) 2013 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup pkcs12 pkcs12
+ * @{ @ingroup containers
+ */
+
+#ifndef PKCS12_H_
+#define PKCS12_H_
+
+#include <credentials/containers/container.h>
+#include <crypto/hashers/hasher.h>
+
+typedef enum pkcs12_key_type_t pkcs12_key_type_t;
+typedef struct pkcs12_t pkcs12_t;
+
+/**
+ * The types of password based keys used by PKCS#12.
+ */
+enum pkcs12_key_type_t {
+	PKCS12_KEY_ENCRYPTION = 1,
+	PKCS12_KEY_IV = 2,
+	PKCS12_KEY_MAC = 3,
+};
+
+/**
+ * PKCS#12/PFX container type.
+ */
+struct pkcs12_t {
+
+	/**
+	 * Implements container_t.
+	 */
+	container_t container;
+
+	/**
+	 * Create an enumerator over extracted certificates.
+	 *
+	 * @return			enumerator over certificate_t
+	 */
+	enumerator_t* (*create_cert_enumerator)(pkcs12_t *this);
+
+	/**
+	 * Create an enumerator over extracted private keys.
+	 *
+	 * @return			enumerator over private_key_t
+	 */
+	enumerator_t* (*create_key_enumerator)(pkcs12_t *this);
+};
+
+/**
+ * Derive the keys used in PKCS#12 for password integrity/privacy mode.
+ *
+ * @param hash			hash algorithm to use for key derivation
+ * @param password		password (ASCII)
+ * @param salt			salt value
+ * @param iterations	number of iterations
+ * @param type			type of key to derive
+ * @param key			the returned key, must be allocated of desired length
+ * @return				TRUE on success
+ */
+bool pkcs12_derive_key(hash_algorithm_t hash, chunk_t password, chunk_t salt,
+					u_int64_t iterations, pkcs12_key_type_t type, chunk_t key);
+
+#endif /** PKCS12_H_ @}*/
diff --git a/src/libstrongswan/credentials/credential_manager.c b/src/libstrongswan/credentials/credential_manager.c
index f4cd9b9e6..de19c8d96 100644
--- a/src/libstrongswan/credentials/credential_manager.c
+++ b/src/libstrongswan/credentials/credential_manager.c
@@ -81,6 +81,16 @@ struct private_credential_manager_t {
 	 * mutex for cache queue
 	 */
 	mutex_t *queue_mutex;
+
+	/**
+	 * Registered hook to call on validation errors
+	 */
+	credential_hook_t hook;
+
+	/**
+	 * Registered data to pass to hook
+	 */
+	void *hook_data;
 };
 
 /** data to pass to create_private_enumerator */
@@ -126,6 +136,22 @@ typedef struct {
 	enumerator_t *exclusive;
 } sets_enumerator_t;
 
+METHOD(credential_manager_t, set_hook, void,
+	private_credential_manager_t *this, credential_hook_t hook, void *data)
+{
+	this->hook = hook;
+	this->hook_data = data;
+}
+
+METHOD(credential_manager_t, call_hook, void,
+	private_credential_manager_t *this, credential_hook_type_t type,
+	certificate_t *cert)
+{
+	if (this->hook)
+	{
+		this->hook(this->hook_data, type, cert);
+	}
+}
 
 METHOD(enumerator_t, sets_enumerate, bool,
 	sets_enumerator_t *this, credential_set_t **set)
@@ -378,8 +404,8 @@ METHOD(credential_manager_t, get_shared, shared_key_t*,
 	identification_t *me, identification_t *other)
 {
 	shared_key_t *current, *found = NULL;
-	id_match_t *best_me = ID_MATCH_NONE, *best_other = ID_MATCH_NONE;
-	id_match_t *match_me, *match_other;
+	id_match_t best_me = ID_MATCH_NONE, best_other = ID_MATCH_NONE;
+	id_match_t match_me, match_other;
 	enumerator_t *enumerator;
 
 	enumerator = create_shared_enumerator(this, type, me, other);
@@ -393,6 +419,10 @@ METHOD(credential_manager_t, get_shared, shared_key_t*,
 			best_me = match_me;
 			best_other = match_other;
 		}
+		if (best_me == ID_MATCH_PERFECT && best_other == ID_MATCH_PERFECT)
+		{
+			break;
+		}
 	}
 	enumerator->destroy(enumerator);
 	return found;
@@ -549,15 +579,17 @@ static bool check_lifetime(private_credential_manager_t *this,
 			{
 				DBG1(DBG_CFG, "%s certificate invalid (valid from %T to %T)",
 					 label, &not_before, FALSE, &not_after, FALSE);
-				return FALSE;
+				break;
 			}
 			return TRUE;
 		case SUCCESS:
 			return TRUE;
 		case FAILED:
 		default:
-			return FALSE;
+			break;
 	}
+	call_hook(this, CRED_HOOK_EXPIRED, cert);
+	return FALSE;
 }
 
 /**
@@ -718,9 +750,10 @@ static bool verify_trust_chain(private_credential_manager_t *this,
 			{
 				if (current->equals(current, issuer))
 				{
-					DBG1(DBG_CFG, "  self-signed certificate \"%Y\" is not trusted",
-						 current->get_subject(current));
+					DBG1(DBG_CFG, "  self-signed certificate \"%Y\" is not "
+						 "trusted", current->get_subject(current));
 					issuer->destroy(issuer);
+					call_hook(this, CRED_HOOK_UNTRUSTED_ROOT, current);
 					break;
 				}
 				auth->add(auth, AUTH_RULE_IM_CERT, issuer->get_ref(issuer));
@@ -732,6 +765,7 @@ static bool verify_trust_chain(private_credential_manager_t *this,
 			{
 				DBG1(DBG_CFG, "no issuer certificate found for \"%Y\"",
 					 current->get_subject(current));
+				call_hook(this, CRED_HOOK_NO_ISSUER, current);
 				break;
 			}
 		}
@@ -750,8 +784,8 @@ static bool verify_trust_chain(private_credential_manager_t *this,
 		current = issuer;
 		if (trusted)
 		{
-			DBG1(DBG_CFG, "  reached self-signed root ca with a path length of %d",
-						  pathlen);
+			DBG1(DBG_CFG, "  reached self-signed root ca with a "
+				 "path length of %d", pathlen);
 			break;
 		}
 	}
@@ -759,6 +793,7 @@ static bool verify_trust_chain(private_credential_manager_t *this,
 	if (pathlen > MAX_TRUST_PATH_LEN)
 	{
 		DBG1(DBG_CFG, "maximum path length of %d exceeded", MAX_TRUST_PATH_LEN);
+		call_hook(this, CRED_HOOK_EXCEEDED_PATH_LEN, subject);
 	}
 	if (trusted)
 	{
@@ -1301,6 +1336,8 @@ credential_manager_t *credential_manager_create()
 			.remove_local_set = _remove_local_set,
 			.add_validator = _add_validator,
 			.remove_validator = _remove_validator,
+			.set_hook = _set_hook,
+			.call_hook = _call_hook,
 			.destroy = _destroy,
 		},
 		.sets = linked_list_create(),
diff --git a/src/libstrongswan/credentials/credential_manager.h b/src/libstrongswan/credentials/credential_manager.h
index 73c585734..445ea3f9c 100644
--- a/src/libstrongswan/credentials/credential_manager.h
+++ b/src/libstrongswan/credentials/credential_manager.h
@@ -22,6 +22,7 @@
 #define CREDENTIAL_MANAGER_H_
 
 typedef struct credential_manager_t credential_manager_t;
+typedef enum credential_hook_type_t credential_hook_type_t;
 
 #include <utils/identification.h>
 #include <collections/enumerator.h>
@@ -33,6 +34,37 @@ typedef struct credential_manager_t credential_manager_t;
 #include <credentials/cert_validator.h>
 
 /**
+ * Type of a credential hook error/event.
+ */
+enum credential_hook_type_t {
+	/** The certificate has expired (or is not yet valid) */
+	CRED_HOOK_EXPIRED,
+	/** The certificate has been revoked */
+	CRED_HOOK_REVOKED,
+	/** Checking certificate revocation failed. This does not necessarily mean
+	 *  the certificate is rejected, just that revocation checking failed. */
+	CRED_HOOK_VALIDATION_FAILED,
+	/** No trusted issuer certificate has been found for this certificate */
+	CRED_HOOK_NO_ISSUER,
+	/** Encountered a self-signed (root) certificate, but it is not trusted */
+	CRED_HOOK_UNTRUSTED_ROOT,
+	/** Maximum trust chain length exceeded for certificate */
+	CRED_HOOK_EXCEEDED_PATH_LEN,
+	/** The certificate violates some other kind of policy and gets rejected */
+	CRED_HOOK_POLICY_VIOLATION,
+};
+
+/**
+ * Hook function to invoke on certificate validation errors.
+ *
+ * @param data			user data supplied during hook registration
+ * @param type			type of validation error/event
+ * @param cert			associated certificate
+ */
+typedef void (*credential_hook_t)(void *data, credential_hook_type_t type,
+								  certificate_t *cert);
+
+/**
  * Manages credentials using credential_sets.
  *
  * The credential manager is the entry point of the credential framework. It
@@ -263,6 +295,28 @@ struct credential_manager_t {
 	void (*remove_validator)(credential_manager_t *this, cert_validator_t *vdtr);
 
 	/**
+	 * Set a hook to call on certain credential validation errors.
+	 *
+	 * @param hook		hook to register, NULL to unregister
+	 * @param data		data to pass to hook
+	 */
+	void (*set_hook)(credential_manager_t *this, credential_hook_t hook,
+					 void *data);
+
+	/**
+	 * Call the registered credential hook, if any.
+	 *
+	 * While hooks are usually called by the credential manager itself, some
+	 * validator plugins might raise hooks as well if they consider certificates
+	 * invalid.
+	 *
+	 * @param type		type of the event
+	 * @param cert		associated certificate
+	 */
+	void (*call_hook)(credential_manager_t *this, credential_hook_type_t type,
+					  certificate_t *cert);
+
+	/**
 	 * Destroy a credential_manager instance.
 	 */
 	void (*destroy)(credential_manager_t *this);
diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h
index fdbe17f2c..2afcf8325 100644
--- a/src/libstrongswan/credentials/keys/public_key.h
+++ b/src/libstrongswan/credentials/keys/public_key.h
@@ -192,7 +192,7 @@ struct public_key_t {
 	/**
 	 * Get the key in an encoded form as a chunk.
 	 *
-	 * @param type		type of the encoding, one of PRIVKEY_*
+	 * @param type		type of the encoding, one of PUBKEY_*
 	 * @param encoding	encoding of the key, allocated
 	 * @return			TRUE if encoding supported
 	 */