diff options
| author | Yves-Alexis Perez <corsac@debian.org> | 2013-01-02 14:18:20 +0100 |
|---|---|---|
| committer | Yves-Alexis Perez <corsac@debian.org> | 2013-01-02 14:18:20 +0100 |
| commit | c1343b3278cdf99533b7902744d15969f9d6fdc1 (patch) | |
| tree | d5ed3dc5677a59260ec41cd39bb284d3e94c91b3 /src/libstrongswan/plugins/x509/x509_ocsp_response.c | |
| parent | b34738ed08c2227300d554b139e2495ca5da97d6 (diff) | |
| download | vyos-strongswan-c1343b3278cdf99533b7902744d15969f9d6fdc1.tar.gz vyos-strongswan-c1343b3278cdf99533b7902744d15969f9d6fdc1.zip | |
Imported Upstream version 5.0.1
Diffstat (limited to 'src/libstrongswan/plugins/x509/x509_ocsp_response.c')
| -rw-r--r-- | src/libstrongswan/plugins/x509/x509_ocsp_response.c | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_response.c b/src/libstrongswan/plugins/x509/x509_ocsp_response.c index 7dfef3993..27497e0e3 100644 --- a/src/libstrongswan/plugins/x509/x509_ocsp_response.c +++ b/src/libstrongswan/plugins/x509/x509_ocsp_response.c @@ -201,19 +201,22 @@ METHOD(ocsp_response_t, get_status, cert_validation_t, /* check issuerNameHash, if available */ else if (response->issuerNameHash.ptr) { + id = issuercert->get_subject(issuercert); hasher = lib->crypto->create_hasher(lib->crypto, hasher_algorithm_from_oid(response->hashAlgorithm)); - if (!hasher) + if (!hasher || + !hasher->allocate_hash(hasher, id->get_encoding(id), &hash)) { + DESTROY_IF(hasher); continue; } - id = issuercert->get_subject(issuercert); - hasher->allocate_hash(hasher, id->get_encoding(id), &hash); hasher->destroy(hasher); if (!chunk_equals(hash, response->issuerNameHash)) { + free(hash.ptr); continue; } + free(hash.ptr); } else { @@ -670,7 +673,8 @@ METHOD(certificate_t, has_issuer, id_match_t, } METHOD(certificate_t, issued_by, bool, - private_x509_ocsp_response_t *this, certificate_t *issuer) + private_x509_ocsp_response_t *this, certificate_t *issuer, + signature_scheme_t *schemep) { public_key_t *key; signature_scheme_t scheme; @@ -722,6 +726,10 @@ METHOD(certificate_t, issued_by, bool, } valid = key->verify(key, scheme, this->tbsResponseData, this->signature); key->destroy(key); + if (valid && schemep) + { + *schemep = scheme; + } return valid; } |