diff options
Diffstat (limited to 'src/libstrongswan/credentials/credential_manager.c')
| -rw-r--r-- | src/libstrongswan/credentials/credential_manager.c | 70 |
1 files changed, 0 insertions, 70 deletions
diff --git a/src/libstrongswan/credentials/credential_manager.c b/src/libstrongswan/credentials/credential_manager.c index 3e54368ff..27b97eab3 100644 --- a/src/libstrongswan/credentials/credential_manager.c +++ b/src/libstrongswan/credentials/credential_manager.c @@ -452,13 +452,8 @@ static void cache_queue(private_credential_manager_t *this) * check a certificate for its lifetime */ static bool check_certificate(private_credential_manager_t *this, -<<<<<<< HEAD - certificate_t *subject, certificate_t *issuer, - bool online, int pathlen, auth_cfg_t *auth) -======= certificate_t *subject, certificate_t *issuer, bool online, int pathlen, bool trusted, auth_cfg_t *auth) ->>>>>>> upstream/4.5.1 { time_t not_before, not_after; cert_validator_t *validator; @@ -476,36 +471,12 @@ static bool check_certificate(private_credential_manager_t *this, ¬_before, FALSE, ¬_after, FALSE); return FALSE; } -<<<<<<< HEAD - if (issuer->get_type(issuer) == CERT_X509 && - subject->get_type(subject) == CERT_X509) - { - int pathlen_constraint; - x509_t *x509; - - /* check path length constraint */ - x509 = (x509_t*)issuer; - pathlen_constraint = x509->get_pathLenConstraint(x509); - if (pathlen_constraint != X509_NO_PATH_LEN_CONSTRAINT && - pathlen > pathlen_constraint) - { - DBG1(DBG_CFG, "path length of %d violates constraint of %d", - pathlen, pathlen_constraint); - return FALSE; - } - } -======= ->>>>>>> upstream/4.5.1 enumerator = this->validators->create_enumerator(this->validators); while (enumerator->enumerate(enumerator, &validator)) { if (!validator->validate(validator, subject, issuer, -<<<<<<< HEAD - online, pathlen, auth)) -======= online, pathlen, trusted, auth)) ->>>>>>> upstream/4.5.1 { enumerator->destroy(enumerator); return FALSE; @@ -563,8 +534,6 @@ static certificate_t *get_issuer_cert(private_credential_manager_t *this, } /** -<<<<<<< HEAD -======= * Get the strength of certificate, add it to auth */ static void get_key_strength(certificate_t *cert, auth_cfg_t *auth) @@ -596,7 +565,6 @@ static void get_key_strength(certificate_t *cert, auth_cfg_t *auth) } /** ->>>>>>> upstream/4.5.1 * try to verify the trust chain of subject, return TRUE if trusted */ static bool verify_trust_chain(private_credential_manager_t *this, @@ -608,13 +576,9 @@ static bool verify_trust_chain(private_credential_manager_t *this, int pathlen; auth = auth_cfg_create(); -<<<<<<< HEAD - current = subject->get_ref(subject); -======= get_key_strength(subject, auth); current = subject->get_ref(subject); auth->add(auth, AUTH_RULE_SUBJECT_CERT, current->get_ref(current)); ->>>>>>> upstream/4.5.1 for (pathlen = 0; pathlen <= MAX_TRUST_PATH_LEN; pathlen++) { @@ -659,25 +623,17 @@ static bool verify_trust_chain(private_credential_manager_t *this, break; } } -<<<<<<< HEAD - if (!check_certificate(this, current, issuer, online, pathlen, - current == subject ? auth : NULL)) -======= if (!check_certificate(this, current, issuer, online, pathlen, trusted, auth)) ->>>>>>> upstream/4.5.1 { trusted = FALSE; issuer->destroy(issuer); break; } -<<<<<<< HEAD -======= if (issuer) { get_key_strength(issuer, auth); } ->>>>>>> upstream/4.5.1 current->destroy(current); current = issuer; if (trusted) @@ -701,8 +657,6 @@ static bool verify_trust_chain(private_credential_manager_t *this, } /** -<<<<<<< HEAD -======= * List find match function for certificates */ static bool cert_equals(certificate_t *a, certificate_t *b) @@ -711,7 +665,6 @@ static bool cert_equals(certificate_t *a, certificate_t *b) } /** ->>>>>>> upstream/4.5.1 * enumerator for trusted certificates */ typedef struct { @@ -731,11 +684,8 @@ typedef struct { certificate_t *pretrusted; /** currently enumerating auth config */ auth_cfg_t *auth; -<<<<<<< HEAD -======= /** list of failed candidates */ linked_list_t *failed; ->>>>>>> upstream/4.5.1 } trusted_enumerator_t; METHOD(enumerator_t, trusted_enumerate, bool, @@ -763,13 +713,6 @@ METHOD(enumerator_t, trusted_enumerate, bool, verify_trust_chain(this->this, this->pretrusted, this->auth, TRUE, this->online)) { -<<<<<<< HEAD - this->auth->add(this->auth, AUTH_RULE_SUBJECT_CERT, - this->pretrusted->get_ref(this->pretrusted)); - DBG1(DBG_CFG, " using trusted certificate \"%Y\"", - this->pretrusted->get_subject(this->pretrusted)); - *cert = this->pretrusted; -======= DBG1(DBG_CFG, " using trusted certificate \"%Y\"", this->pretrusted->get_subject(this->pretrusted)); *cert = this->pretrusted; @@ -778,7 +721,6 @@ METHOD(enumerator_t, trusted_enumerate, bool, this->auth->add(this->auth, AUTH_RULE_SUBJECT_CERT, this->pretrusted->get_ref(this->pretrusted)); } ->>>>>>> upstream/4.5.1 if (auth) { *auth = this->auth; @@ -796,15 +738,12 @@ METHOD(enumerator_t, trusted_enumerate, bool, continue; } -<<<<<<< HEAD -======= if (this->failed->find_first(this->failed, (void*)cert_equals, NULL, current) == SUCCESS) { /* check each candidate only once */ continue; } ->>>>>>> upstream/4.5.1 DBG1(DBG_CFG, " using certificate \"%Y\"", current->get_subject(current)); if (verify_trust_chain(this->this, current, this->auth, FALSE, @@ -817,10 +756,7 @@ METHOD(enumerator_t, trusted_enumerate, bool, } return TRUE; } -<<<<<<< HEAD -======= this->failed->insert_last(this->failed, current->get_ref(current)); ->>>>>>> upstream/4.5.1 } return FALSE; } @@ -831,10 +767,7 @@ METHOD(enumerator_t, trusted_destroy, void, DESTROY_IF(this->pretrusted); DESTROY_IF(this->auth); DESTROY_IF(this->candidates); -<<<<<<< HEAD -======= this->failed->destroy_offset(this->failed, offsetof(certificate_t, destroy)); ->>>>>>> upstream/4.5.1 free(this); } @@ -853,10 +786,7 @@ METHOD(credential_manager_t, create_trusted_enumerator, enumerator_t*, .type = type, .id = id, .online = online, -<<<<<<< HEAD -======= .failed = linked_list_create(), ->>>>>>> upstream/4.5.1 ); return &enumerator->public; } |