summaryrefslogtreecommitdiff
path: root/src/pluto/ca.c
diff options
context:
space:
mode:
authorYves-Alexis Perez <corsac@corsac.net>2012-06-28 21:16:07 +0200
committerYves-Alexis Perez <corsac@corsac.net>2012-06-28 21:16:07 +0200
commitb34738ed08c2227300d554b139e2495ca5da97d6 (patch)
tree62f33b52820f2e49f0e53c0f8c636312037c8054 /src/pluto/ca.c
parent0a9d51a49042a68daa15b0c74a2b7f152f52606b (diff)
downloadvyos-strongswan-b34738ed08c2227300d554b139e2495ca5da97d6.tar.gz
vyos-strongswan-b34738ed08c2227300d554b139e2495ca5da97d6.zip
Imported Upstream version 4.6.4
Diffstat (limited to 'src/pluto/ca.c')
-rw-r--r--src/pluto/ca.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/src/pluto/ca.c b/src/pluto/ca.c
index add85def8..827b98121 100644
--- a/src/pluto/ca.c
+++ b/src/pluto/ca.c
@@ -87,7 +87,7 @@ bool trusted_ca(identification_t *a, identification_t *b, int *pathlen)
break;
}
certificate = cacert->cert;
-
+
/* is the certificate self-signed? */
{
x509_t *x509 = (x509_t*)certificate;
@@ -219,7 +219,8 @@ cert_t* get_authcert(identification_t *subject, chunk_t keyid,
}
/* compare the subjectDistinguishedNames */
- if (!certificate->has_subject(certificate, subject))
+ if (!(subject && certificate->has_subject(certificate, subject)) &&
+ (subject || !keyid.ptr))
{
continue;
}
@@ -248,7 +249,7 @@ cert_t* add_authcert(cert_t *cert, x509_flag_t auth_flags)
lock_authcert_list("add_authcert");
- old_cert = get_authcert(certificate->get_subject(certificate),
+ old_cert = get_authcert(certificate->get_subject(certificate),
x509->get_subjectKeyIdentifier(x509),
auth_flags);
if (old_cert)