Diffstat (limited to 'src/charon/sa/tasks/ike_cert_pre.c')
-rw-r--r--src/charon/sa/tasks/ike_cert_pre.c43
1 files changed, 33 insertions, 10 deletions
diff --git a/src/charon/sa/tasks/ike_cert_pre.c b/src/charon/sa/tasks/ike_cert_pre.c
index 3568a214e..353b76a22 100644
--- a/src/charon/sa/tasks/ike_cert_pre.c
+++ b/src/charon/sa/tasks/ike_cert_pre.c
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: ike_cert_pre.c 3852 2008-04-18 21:27:08Z andreas $
+ * $Id: ike_cert_pre.c 4285 2008-08-26 05:15:34Z andreas $
*/
#include "ike_cert_pre.h"
@@ -320,11 +320,10 @@ static void add_certreq_payload(message_t *message, certreq_payload_t **reqp,
static void build_certreqs(private_ike_cert_pre_t *this, message_t *message)
{
ike_cfg_t *ike_cfg;
+ peer_cfg_t *peer_cfg;
enumerator_t *enumerator;
certificate_t *cert;
- auth_info_t *auth;
bool restricted = FALSE;
- auth_item_t item;
certreq_payload_t *x509_req = NULL;
ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
@@ -332,19 +331,43 @@ static void build_certreqs(private_ike_cert_pre_t *this, message_t *message)
{
return;
}
- auth = this->ike_sa->get_other_auth(this->ike_sa);
/* check if we require a specific CA for that peer */
- enumerator = auth->create_item_enumerator(auth);
- while (enumerator->enumerate(enumerator, &item, &cert))
+ peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
+ if (peer_cfg)
{
- if (item == AUTHN_CA_CERT)
+ void *ptr;
+ identification_t *id;
+ auth_item_t item;
+ auth_info_t *auth = peer_cfg->get_auth(peer_cfg);
+ enumerator_t *auth_enumerator = auth->create_item_enumerator(auth);
+
+ while (auth_enumerator->enumerate(auth_enumerator, &item, &ptr))
{
- restricted = TRUE;
- add_certreq_payload(message, &x509_req, cert);
+ switch (item)
+ {
+ case AUTHZ_CA_CERT:
+ cert = (certificate_t *)ptr;
+ add_certreq_payload(message, &x509_req, cert);
+ restricted = TRUE;
+ break;
+ case AUTHZ_CA_CERT_NAME:
+ id = (identification_t *)ptr;
+ enumerator = charon->credentials->create_cert_enumerator(
+ charon->credentials, CERT_ANY, KEY_ANY, id, TRUE);
+ while (enumerator->enumerate(enumerator, &cert, TRUE))
+ {
+ add_certreq_payload(message, &x509_req, cert);
+ restricted = TRUE;
+ }
+ enumerator->destroy(enumerator);
+ break;
+ default:
+ break;
+ }
}
+ auth_enumerator->destroy(auth_enumerator);
}
- enumerator->destroy(enumerator);
if (!restricted)
{
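Review bot: In the `AUTHZ_CA_CERT_NAME` case, a configured CA name that matches no trusted certificate leaves `restricted` at FALSE, so the function silently takes the `if (!restricted)` path as if no CA constraint had been configured. That branch's body lies outside the hunk, so what it sends is inferred, but a missing or misspelled CA would then be invisible in the logs. Consider noting whether the inner loop added anything and emitting a `DBG1(DBG_IKE, ...)` message naming the unmatched identity when it did not. The lookup also asks for `CERT_ANY` although every hit is appended to `x509_req`; unless `add_certreq_payload` filters by certificate type (its body is not shown), `charon->credentials, CERT_X509, KEY_ANY, id, TRUE);` is the tighter query. The trailing `TRUE` in `enumerator->enumerate(enumerator, &cert, TRUE)` looks like a leftover, since the loop only reads `cert`, and could be dropped: `while (enumerator->enumerate(enumerator, &cert))`.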