Imported Upstream version 5.4.0

3 files changed, 44 insertions, 4 deletions

diff --git a/src/libstrongswan/plugins/x509/Makefile.in b/src/libstrongswan/plugins/x509/Makefile.in
index b31bfbed1..c58dfe210 100644
--- a/src/libstrongswan/plugins/x509/Makefile.in
+++ b/src/libstrongswan/plugins/x509/Makefile.in
@@ -415,6 +415,8 @@ strongswan_conf = @strongswan_conf@
 strongswan_options = @strongswan_options@
 swanctldir = @swanctldir@
 sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
 systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
 systemd_daemon_LIBS = @systemd_daemon_LIBS@
 systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c
index 96280a033..2b83f3328 100644
--- a/src/libstrongswan/plugins/x509/x509_cert.c
+++ b/src/libstrongswan/plugins/x509/x509_cert.c
@@ -2143,8 +2143,8 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert,
 		msSmartcardLogon = asn1_build_known_oid(OID_MS_SMARTCARD_LOGON);
 	}
 
-	if (serverAuth.ptr || clientAuth.ptr || ikeIntermediate.ptr ||
-		ocspSigning.ptr)
+	if (serverAuth.ptr  || clientAuth.ptr || ikeIntermediate.ptr ||
+		ocspSigning.ptr || msSmartcardLogon.ptr)
 	{
 		extendedKeyUsage = asn1_wrap(ASN1_SEQUENCE, "mm",
 								asn1_build_known_oid(OID_EXTENDED_KEY_USAGE),
diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_response.c b/src/libstrongswan/plugins/x509/x509_ocsp_response.c
index 60133fc7f..b46af30fe 100644
--- a/src/libstrongswan/plugins/x509/x509_ocsp_response.c
+++ b/src/libstrongswan/plugins/x509/x509_ocsp_response.c
@@ -1,7 +1,8 @@
 /**
  * Copyright (C) 2008-2009 Martin Willi
- * Copyright (C) 2007-2014 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2007-2015 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
  * Copyright (C) 2003 Christoph Gysin, Simon Zwahlen
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -228,6 +229,42 @@ METHOD(ocsp_response_t, create_cert_enumerator, enumerator_t*,
 }
 
 /**
+ * enumerator filter callback for create_response_enumerator
+ */
+static bool filter(void *data, single_response_t **response,
+				   chunk_t *serialNumber,
+				   void *p2, cert_validation_t *status,
+				   void *p3, time_t *revocationTime,
+				   void *p4, crl_reason_t *revocationReason)
+{
+	if (serialNumber)
+	{
+		*serialNumber = (*response)->serialNumber;
+	}
+	if (status)
+	{
+		*status = (*response)->status;
+	}
+	if (revocationTime)
+	{
+		*revocationTime = (*response)->revocationTime;
+	}
+	if (revocationReason)
+	{
+		*revocationReason = (*response)->revocationReason;
+	}
+	return TRUE;
+}
+
+METHOD(ocsp_response_t, create_response_enumerator, enumerator_t*,
+	private_x509_ocsp_response_t *this)
+{
+	return enumerator_create_filter(
+				this->responses->create_enumerator(this->responses),
+				(void*)filter, NULL, NULL);
+}
+
+/**
  * ASN.1 definition of singleResponse
  */
 static const asn1Object_t singleResponseObjects[] = {
@@ -828,6 +865,7 @@ static x509_ocsp_response_t *load(chunk_t blob)
 				},
 				.get_status = _get_status,
 				.create_cert_enumerator = _create_cert_enumerator,
+				.create_response_enumerator = _create_response_enumerator,
 			},
 		},
 		.ref = 1,