diff options
author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2009-06-23 11:25:24 +0000 |
---|---|---|
committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2009-06-23 11:25:24 +0000 |
commit | 41787e147279ff0695e9d759487266a60b80867b (patch) | |
tree | 8f28566c8fd7106c80d2536d2df540dbb4499cc5 /src/libstrongswan/plugins/x509 | |
parent | c3e7f611ea8273c6b3909cb006ade4903a74aad0 (diff) | |
download | vyos-strongswan-41787e147279ff0695e9d759487266a60b80867b.tar.gz vyos-strongswan-41787e147279ff0695e9d759487266a60b80867b.zip |
[svn-upgrade] Integrating new upstream version, strongswan (4.3.2)
Diffstat (limited to 'src/libstrongswan/plugins/x509')
-rw-r--r-- | src/libstrongswan/plugins/x509/Makefile.in | 17 | ||||
-rw-r--r-- | src/libstrongswan/plugins/x509/ietf_attr_list.h | 2 | ||||
-rw-r--r-- | src/libstrongswan/plugins/x509/x509_ac.c | 33 | ||||
-rw-r--r-- | src/libstrongswan/plugins/x509/x509_ac.h | 2 | ||||
-rw-r--r-- | src/libstrongswan/plugins/x509/x509_cert.c | 122 | ||||
-rw-r--r-- | src/libstrongswan/plugins/x509/x509_cert.h | 2 | ||||
-rw-r--r-- | src/libstrongswan/plugins/x509/x509_crl.c | 34 | ||||
-rw-r--r-- | src/libstrongswan/plugins/x509/x509_ocsp_request.c | 3 | ||||
-rw-r--r-- | src/libstrongswan/plugins/x509/x509_ocsp_response.c | 38 | ||||
-rw-r--r-- | src/libstrongswan/plugins/x509/x509_plugin.c | 2 |
10 files changed, 80 insertions, 175 deletions
diff --git a/src/libstrongswan/plugins/x509/Makefile.in b/src/libstrongswan/plugins/x509/Makefile.in index 028bbd41a..0c62ad3b3 100644 --- a/src/libstrongswan/plugins/x509/Makefile.in +++ b/src/libstrongswan/plugins/x509/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.10.1 from Makefile.am. +# Makefile.in generated by automake 1.10.2 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -89,6 +89,7 @@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ @@ -111,6 +112,9 @@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ +LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ +LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ @@ -122,6 +126,7 @@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NM = @NM@ NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ @@ -135,6 +140,8 @@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ RANLIB = @RANLIB@ +RUBY = @RUBY@ +RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -195,6 +202,7 @@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ plugindir = @plugindir@ +pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ @@ -206,6 +214,7 @@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ xml_CFLAGS = @xml_CFLAGS@ @@ -230,8 +239,8 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ @@ -331,7 +340,7 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS diff --git a/src/libstrongswan/plugins/x509/ietf_attr_list.h b/src/libstrongswan/plugins/x509/ietf_attr_list.h index 983c67d14..5807a899e 100644 --- a/src/libstrongswan/plugins/x509/ietf_attr_list.h +++ b/src/libstrongswan/plugins/x509/ietf_attr_list.h @@ -12,8 +12,6 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. - * - * $Id$ */ /** diff --git a/src/libstrongswan/plugins/x509/x509_ac.c b/src/libstrongswan/plugins/x509/x509_ac.c index 2168f9bc7..638f96b44 100644 --- a/src/libstrongswan/plugins/x509/x509_ac.c +++ b/src/libstrongswan/plugins/x509/x509_ac.c @@ -14,8 +14,6 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. - * - * $Id$ */ #include "x509_ac.h" @@ -32,6 +30,7 @@ #include <utils/identification.h> #include <utils/linked_list.h> #include <credentials/certificates/x509.h> +#include <credentials/keys/private_key.h> extern identification_t* x509_parse_authorityKeyIdentifier(chunk_t blob, int level0, chunk_t *authKeySerialNumber); @@ -780,31 +779,11 @@ static bool issued_by(private_x509_ac_t *this, certificate_t *issuer) return FALSE; } } - /* TODO: generic OID to scheme mapper? */ - switch (this->algorithm) - { - case OID_MD5_WITH_RSA: - scheme = SIGN_RSA_EMSA_PKCS1_MD5; - break; - case OID_SHA1_WITH_RSA: - scheme = SIGN_RSA_EMSA_PKCS1_SHA1; - break; - case OID_SHA256_WITH_RSA: - scheme = SIGN_RSA_EMSA_PKCS1_SHA256; - break; - case OID_SHA384_WITH_RSA: - scheme = SIGN_RSA_EMSA_PKCS1_SHA384; - break; - case OID_SHA512_WITH_RSA: - scheme = SIGN_RSA_EMSA_PKCS1_SHA512; - break; - case OID_ECDSA_WITH_SHA1: - scheme = SIGN_ECDSA_WITH_SHA1; - break; - default: - return FALSE; - } - if (key == NULL) + + /* determine signature scheme */ + scheme = signature_scheme_from_oid(this->algorithm); + + if (scheme == SIGN_UNKNOWN || key == NULL) { return FALSE; } diff --git a/src/libstrongswan/plugins/x509/x509_ac.h b/src/libstrongswan/plugins/x509/x509_ac.h index 5df9c5f8a..958d5c57a 100644 --- a/src/libstrongswan/plugins/x509/x509_ac.h +++ b/src/libstrongswan/plugins/x509/x509_ac.h @@ -14,8 +14,6 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. - * - * $Id$ */ /** diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c index 4c6b45394..6fe1809c2 100644 --- a/src/libstrongswan/plugins/x509/x509_cert.c +++ b/src/libstrongswan/plugins/x509/x509_cert.c @@ -16,8 +16,6 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. - * - * $Id: x509_cert.c 4936 2009-03-12 18:07:32Z tobias $ */ #define _GNU_SOURCE @@ -37,6 +35,7 @@ #include <asn1/asn1_parser.h> #include <asn1/pem.h> #include <crypto/hashers/hasher.h> +#include <credentials/keys/private_key.h> #include <utils/linked_list.h> #include <utils/identification.h> @@ -353,7 +352,7 @@ static identification_t *parse_generalName(chunk_t blob, int level0) if (id_type != ID_ANY) { gn = identification_create_from_encoding(id_type, object); - DBG2(" '%D'", gn); + DBG2(" '%Y'", gn); goto end; } } @@ -510,9 +509,9 @@ static void parse_authorityInfoAccess(chunk_t blob, int level0, /* parsing went wrong - abort */ goto end; } - DBG2(" '%D'", id); + DBG2(" '%Y'", id); if (accessMethod == OID_OCSP && - asprintf(&uri, "%D", id) > 0) + asprintf(&uri, "%Y", id) > 0) { this->ocsp_uris->insert_last(this->ocsp_uris, uri); } @@ -619,7 +618,7 @@ static void parse_crlDistributionPoints(chunk_t blob, int level0, { char *uri; - if (asprintf(&uri, "%D", id) > 0) + if (asprintf(&uri, "%Y", id) > 0) { this->crl_uris->insert_last(this->crl_uris, uri); } @@ -714,7 +713,7 @@ static bool parse_certificate(private_x509_cert_t *this) break; case X509_OBJ_ISSUER: this->issuer = identification_create_from_encoding(ID_DER_ASN1_DN, object); - DBG2(" '%D'", this->issuer); + DBG2(" '%Y'", this->issuer); break; case X509_OBJ_NOT_BEFORE: this->notBefore = asn1_parse_time(object, level); @@ -724,14 +723,13 @@ static bool parse_certificate(private_x509_cert_t *this) break; case X509_OBJ_SUBJECT: this->subject = identification_create_from_encoding(ID_DER_ASN1_DN, object); - DBG2(" '%D'", this->subject); + DBG2(" '%Y'", this->subject); break; case X509_OBJ_SUBJECT_PUBLIC_KEY_INFO: this->public_key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, BUILD_BLOB_ASN1_DER, object, BUILD_END); if (this->public_key == NULL) { - DBG1("could not create public key"); goto end; } break; @@ -911,32 +909,14 @@ static bool issued_by(private_x509_cert_t *this, certificate_t *issuer) { return FALSE; } - /* TODO: generic OID to scheme mapper? */ - switch (this->algorithm) - { - case OID_MD5_WITH_RSA: - scheme = SIGN_RSA_EMSA_PKCS1_MD5; - break; - case OID_SHA1_WITH_RSA: - scheme = SIGN_RSA_EMSA_PKCS1_SHA1; - break; - case OID_SHA256_WITH_RSA: - scheme = SIGN_RSA_EMSA_PKCS1_SHA256; - break; - case OID_SHA384_WITH_RSA: - scheme = SIGN_RSA_EMSA_PKCS1_SHA384; - break; - case OID_SHA512_WITH_RSA: - scheme = SIGN_RSA_EMSA_PKCS1_SHA512; - break; - case OID_ECDSA_WITH_SHA1: - scheme = SIGN_ECDSA_WITH_SHA1; - break; - default: - return FALSE; - } + + /* get the public key of the issuer */ key = issuer->get_public_key(issuer); - if (key == NULL) + + /* determine signature scheme */ + scheme = signature_scheme_from_oid(this->algorithm); + + if (scheme == SIGN_UNKNOWN || key == NULL) { return FALSE; } @@ -1124,19 +1104,19 @@ static private_x509_cert_t* create_empty(void) { private_x509_cert_t *this = malloc_thing(private_x509_cert_t); - this->public.interface.interface.get_type = (certificate_type_t (*)(certificate_t *this))get_type; - this->public.interface.interface.get_subject = (identification_t* (*)(certificate_t *this))get_subject; - this->public.interface.interface.get_issuer = (identification_t* (*)(certificate_t *this))get_issuer; - this->public.interface.interface.has_subject = (id_match_t (*)(certificate_t*, identification_t *subject))has_subject; - this->public.interface.interface.has_issuer = (id_match_t (*)(certificate_t*, identification_t *issuer))has_issuer; - this->public.interface.interface.issued_by = (bool (*)(certificate_t *this, certificate_t *issuer))issued_by; - this->public.interface.interface.get_public_key = (public_key_t* (*)(certificate_t *this))get_public_key; - this->public.interface.interface.get_validity = (bool (*)(certificate_t*, time_t *when, time_t *, time_t*))get_validity; - this->public.interface.interface.is_newer = (bool (*)(certificate_t*,certificate_t*))is_newer; - this->public.interface.interface.get_encoding = (chunk_t (*)(certificate_t*))get_encoding; - this->public.interface.interface.equals = (bool (*)(certificate_t*, certificate_t *other))equals; - this->public.interface.interface.get_ref = (certificate_t* (*)(certificate_t *this))get_ref; - this->public.interface.interface.destroy = (void (*)(certificate_t *this))destroy; + this->public.interface.interface.get_type = (certificate_type_t (*) (certificate_t*))get_type; + this->public.interface.interface.get_subject = (identification_t* (*) (certificate_t*))get_subject; + this->public.interface.interface.get_issuer = (identification_t* (*) (certificate_t*))get_issuer; + this->public.interface.interface.has_subject = (id_match_t (*) (certificate_t*, identification_t*))has_subject; + this->public.interface.interface.has_issuer = (id_match_t (*) (certificate_t*, identification_t*))has_issuer; + this->public.interface.interface.issued_by = (bool (*) (certificate_t*, certificate_t*))issued_by; + this->public.interface.interface.get_public_key = (public_key_t* (*) (certificate_t*))get_public_key; + this->public.interface.interface.get_validity = (bool (*) (certificate_t*, time_t*, time_t*, time_t*))get_validity; + this->public.interface.interface.is_newer = (bool (*) (certificate_t*,certificate_t*))is_newer; + this->public.interface.interface.get_encoding = (chunk_t (*) (certificate_t*))get_encoding; + this->public.interface.interface.equals = (bool (*)(certificate_t*, certificate_t*))equals; + this->public.interface.interface.get_ref = (certificate_t* (*)(certificate_t*))get_ref; + this->public.interface.interface.destroy = (void (*)(certificate_t*))destroy; this->public.interface.get_flags = (x509_flag_t (*)(x509_t*))get_flags; this->public.interface.get_serial = (chunk_t (*)(x509_t*))get_serial; this->public.interface.get_authKeyIdentifier = (identification_t* (*)(x509_t*))get_authKeyIdentifier; @@ -1178,6 +1158,7 @@ static private_x509_cert_t *create_from_chunk(chunk_t chunk) private_x509_cert_t *this = create_empty(); this->encoding = chunk; + this->parsed = TRUE; if (!parse_certificate(this)) { destroy(this); @@ -1191,17 +1172,15 @@ static private_x509_cert_t *create_from_chunk(chunk_t chunk) } hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); - if (hasher != NULL) - { - hasher->allocate_hash(hasher, this->encoding, &this->encoding_hash); - hasher->destroy(hasher); - } - else + if (hasher == NULL) { - DBG1(" unable to create hash of certificate, SHA1 not supported"); + DBG1(" unable to create hash of certificate, SHA1 not supported"); + destroy(this); + return NULL; } + hasher->allocate_hash(hasher, this->encoding, &this->encoding_hash); + hasher->destroy(hasher); - this->parsed = TRUE; return this; } @@ -1316,7 +1295,7 @@ static bool generate(private_builder_t *this) this->cert->tbsCertificate = asn1_wrap(ASN1_SEQUENCE, "mmccmcmm", asn1_simple_object(ASN1_CONTEXT_C_0, ASN1_INTEGER_2), - asn1_simple_object(ASN1_INTEGER, this->cert->serialNumber), + asn1_integer("c", this->cert->serialNumber), asn1_algorithmIdentifier(this->cert->algorithm), issuer->get_encoding(issuer), asn1_wrap(ASN1_SEQUENCE, "mm", @@ -1352,33 +1331,22 @@ static bool generate(private_builder_t *this) static private_x509_cert_t *build(private_builder_t *this) { private_x509_cert_t *cert; - x509_flag_t flags; - if (this->cert && !this->cert->encoding.ptr) + if (this->cert) { - if (!this->sign_key || !this->cert || - !generate(this)) - { - destroy(this->cert); - free(this); - return NULL; + this->cert->flags |= this->flags; + if (!this->cert->encoding.ptr) + { /* generate a new certificate */ + if (!this->sign_key || !generate(this)) + { + destroy(this->cert); + free(this); + return NULL; + } } } cert = this->cert; - flags = this->flags; free(this); - if (cert == NULL) - { - return NULL; - } - - if ((flags & X509_CA) && !(cert->flags & X509_CA)) - { - DBG1(" ca certificate must have ca basic constraint set, discarded"); - destroy(cert); - return NULL; - } - cert->flags |= flags; return cert; } diff --git a/src/libstrongswan/plugins/x509/x509_cert.h b/src/libstrongswan/plugins/x509/x509_cert.h index 8dbd8050a..5ebe1567d 100644 --- a/src/libstrongswan/plugins/x509/x509_cert.h +++ b/src/libstrongswan/plugins/x509/x509_cert.h @@ -11,8 +11,6 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. - * - * $Id: x509_cert.h 5003 2009-03-24 17:43:01Z martin $ */ /** diff --git a/src/libstrongswan/plugins/x509/x509_crl.c b/src/libstrongswan/plugins/x509/x509_crl.c index fd14dfebd..f502668cb 100644 --- a/src/libstrongswan/plugins/x509/x509_crl.c +++ b/src/libstrongswan/plugins/x509/x509_crl.c @@ -11,8 +11,6 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. - * - * $Id: x509_crl.c 4936 2009-03-12 18:07:32Z tobias $ */ #include "x509_crl.h" @@ -226,7 +224,7 @@ static bool parse(private_x509_crl_t *this) break; case CRL_OBJ_ISSUER: this->issuer = identification_create_from_encoding(ID_DER_ASN1_DN, object); - DBG2(" '%D'", this->issuer); + DBG2(" '%Y'", this->issuer); break; case CRL_OBJ_THIS_UPDATE: this->thisUpdate = asn1_parse_time(object, level); @@ -436,31 +434,11 @@ static bool issued_by(private_x509_crl_t *this, certificate_t *issuer) return FALSE; } } - /* TODO: generic OID to scheme mapper? */ - switch (this->algorithm) - { - case OID_MD5_WITH_RSA: - scheme = SIGN_RSA_EMSA_PKCS1_MD5; - break; - case OID_SHA1_WITH_RSA: - scheme = SIGN_RSA_EMSA_PKCS1_SHA1; - break; - case OID_SHA256_WITH_RSA: - scheme = SIGN_RSA_EMSA_PKCS1_SHA256; - break; - case OID_SHA384_WITH_RSA: - scheme = SIGN_RSA_EMSA_PKCS1_SHA384; - break; - case OID_SHA512_WITH_RSA: - scheme = SIGN_RSA_EMSA_PKCS1_SHA512; - break; - case OID_ECDSA_WITH_SHA1: - scheme = SIGN_ECDSA_WITH_SHA1; - break; - default: - return FALSE; - } - if (key == NULL) + + /* determine signature scheme */ + scheme = signature_scheme_from_oid(this->algorithm); + + if (scheme == SIGN_UNKNOWN || key == NULL) { return FALSE; } diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_request.c b/src/libstrongswan/plugins/x509/x509_ocsp_request.c index 7b97b990d..4020d8d95 100644 --- a/src/libstrongswan/plugins/x509/x509_ocsp_request.c +++ b/src/libstrongswan/plugins/x509/x509_ocsp_request.c @@ -13,8 +13,6 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. - * - * $Id: x509_ocsp_request.c 4317 2008-09-02 11:00:13Z martin $ */ #include "x509_ocsp_request.h" @@ -26,6 +24,7 @@ #include <utils/linked_list.h> #include <debug.h> #include <credentials/certificates/x509.h> +#include <credentials/keys/private_key.h> #define NONCE_LEN 16 diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_response.c b/src/libstrongswan/plugins/x509/x509_ocsp_response.c index 6bb59d8e6..1b3187258 100644 --- a/src/libstrongswan/plugins/x509/x509_ocsp_response.c +++ b/src/libstrongswan/plugins/x509/x509_ocsp_response.c @@ -13,8 +13,6 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. - * - * $Id: x509_ocsp_response.c 4936 2009-03-12 18:07:32Z tobias $ */ #include "x509_ocsp_response.h" @@ -523,12 +521,12 @@ static bool parse_basicOCSPResponse(private_x509_ocsp_response_t *this, case BASIC_RESPONSE_ID_BY_NAME: this->responderId = identification_create_from_encoding( ID_DER_ASN1_DN, object); - DBG2(" '%D'", this->responderId); + DBG2(" '%Y'", this->responderId); break; case BASIC_RESPONSE_ID_BY_KEY: this->responderId = identification_create_from_encoding( ID_PUBKEY_INFO_SHA1, object); - DBG2(" '%D'", this->responderId); + DBG2(" '%Y'", this->responderId); break; case BASIC_RESPONSE_PRODUCED_AT: this->producedAt = asn1_to_time(&object, ASN1_GENERALIZEDTIME); @@ -726,32 +724,14 @@ static bool issued_by(private_x509_ocsp_response_t *this, certificate_t *issuer) { return FALSE; } - /* TODO: generic OID to scheme mapper? */ - switch (this->signatureAlgorithm) - { - case OID_MD5_WITH_RSA: - scheme = SIGN_RSA_EMSA_PKCS1_MD5; - break; - case OID_SHA1_WITH_RSA: - scheme = SIGN_RSA_EMSA_PKCS1_SHA1; - break; - case OID_SHA256_WITH_RSA: - scheme = SIGN_RSA_EMSA_PKCS1_SHA256; - break; - case OID_SHA384_WITH_RSA: - scheme = SIGN_RSA_EMSA_PKCS1_SHA384; - break; - case OID_SHA512_WITH_RSA: - scheme = SIGN_RSA_EMSA_PKCS1_SHA512; - break; - case OID_ECDSA_WITH_SHA1: - scheme = SIGN_ECDSA_WITH_SHA1; - break; - default: - return FALSE; - } + + /* get the public key of the issuer */ key = issuer->get_public_key(issuer); - if (key == NULL) + + /* determine signature scheme */ + scheme = signature_scheme_from_oid(this->signatureAlgorithm); + + if (scheme == SIGN_UNKNOWN || key == NULL) { return FALSE; } diff --git a/src/libstrongswan/plugins/x509/x509_plugin.c b/src/libstrongswan/plugins/x509/x509_plugin.c index 42768487d..9ed7f95bd 100644 --- a/src/libstrongswan/plugins/x509/x509_plugin.c +++ b/src/libstrongswan/plugins/x509/x509_plugin.c @@ -11,8 +11,6 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. - * - * $Id: x509_plugin.c 3640 2008-03-21 10:52:11Z andreas $ */ #include "x509_plugin.h" |