diff options
author | Yves-Alexis Perez <corsac@corsac.net> | 2012-06-28 21:16:07 +0200 |
---|---|---|
committer | Yves-Alexis Perez <corsac@corsac.net> | 2012-06-28 21:16:07 +0200 |
commit | b34738ed08c2227300d554b139e2495ca5da97d6 (patch) | |
tree | 62f33b52820f2e49f0e53c0f8c636312037c8054 /src/pluto/ca.c | |
parent | 0a9d51a49042a68daa15b0c74a2b7f152f52606b (diff) | |
download | vyos-strongswan-b34738ed08c2227300d554b139e2495ca5da97d6.tar.gz vyos-strongswan-b34738ed08c2227300d554b139e2495ca5da97d6.zip |
Imported Upstream version 4.6.4
Diffstat (limited to 'src/pluto/ca.c')
-rw-r--r-- | src/pluto/ca.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/src/pluto/ca.c b/src/pluto/ca.c index add85def8..827b98121 100644 --- a/src/pluto/ca.c +++ b/src/pluto/ca.c @@ -87,7 +87,7 @@ bool trusted_ca(identification_t *a, identification_t *b, int *pathlen) break; } certificate = cacert->cert; - + /* is the certificate self-signed? */ { x509_t *x509 = (x509_t*)certificate; @@ -219,7 +219,8 @@ cert_t* get_authcert(identification_t *subject, chunk_t keyid, } /* compare the subjectDistinguishedNames */ - if (!certificate->has_subject(certificate, subject)) + if (!(subject && certificate->has_subject(certificate, subject)) && + (subject || !keyid.ptr)) { continue; } @@ -248,7 +249,7 @@ cert_t* add_authcert(cert_t *cert, x509_flag_t auth_flags) lock_authcert_list("add_authcert"); - old_cert = get_authcert(certificate->get_subject(certificate), + old_cert = get_authcert(certificate->get_subject(certificate), x509->get_subjectKeyIdentifier(x509), auth_flags); if (old_cert) |