summaryrefslogtreecommitdiff
path: root/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/libstrongswan/plugins/pkcs11/pkcs11_creds.c')
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_creds.c23
1 files changed, 16 insertions, 7 deletions
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c b/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c
index 1b1448c6a..a81ec1147 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c
@@ -55,19 +55,20 @@ struct private_pkcs11_creds_t {
* Find certificates, optionally trusted
*/
static void find_certificates(private_pkcs11_creds_t *this,
- CK_SESSION_HANDLE session, CK_BBOOL trusted)
+ CK_SESSION_HANDLE session)
{
CK_OBJECT_CLASS class = CKO_CERTIFICATE;
CK_CERTIFICATE_TYPE type = CKC_X_509;
+ CK_BBOOL trusted = TRUE;
CK_ATTRIBUTE tmpl[] = {
{CKA_CLASS, &class, sizeof(class)},
{CKA_CERTIFICATE_TYPE, &type, sizeof(type)},
- {CKA_TRUSTED, &trusted, sizeof(trusted)},
};
CK_OBJECT_HANDLE object;
CK_ATTRIBUTE attr[] = {
{CKA_VALUE, NULL, 0},
{CKA_LABEL, NULL, 0},
+ {CKA_TRUSTED, &trusted, sizeof(trusted)}
};
enumerator_t *enumerator;
linked_list_t *raw;
@@ -75,11 +76,19 @@ static void find_certificates(private_pkcs11_creds_t *this,
struct {
chunk_t value;
chunk_t label;
+ bool trusted;
} *entry;
+ int count = countof(attr);
+ /* store result in a temporary list, avoid recursive operation */
raw = linked_list_create();
+ /* do not use trusted argument if not supported */
+ if (!(this->lib->get_features(this->lib) & PKCS11_TRUSTED_CERTS))
+ {
+ count--;
+ }
enumerator = this->lib->create_object_enumerator(this->lib,
- session, tmpl, countof(tmpl), attr, countof(attr));
+ session, tmpl, countof(tmpl), attr, count);
while (enumerator->enumerate(enumerator, &object))
{
entry = malloc(sizeof(*entry));
@@ -87,6 +96,7 @@ static void find_certificates(private_pkcs11_creds_t *this,
chunk_create(attr[0].pValue, attr[0].ulValueLen));
entry->label = chunk_clone(
chunk_create(attr[1].pValue, attr[1].ulValueLen));
+ entry->trusted = trusted;
raw->insert_last(raw, entry);
}
enumerator->destroy(enumerator);
@@ -99,10 +109,10 @@ static void find_certificates(private_pkcs11_creds_t *this,
if (cert)
{
DBG1(DBG_CFG, " loaded %strusted cert '%.*s'",
- trusted ? "" : "un", entry->label.len, entry->label.ptr);
+ entry->trusted ? "" : "un", entry->label.len, entry->label.ptr);
/* trusted certificates are also returned as untrusted */
this->untrusted->insert_last(this->untrusted, cert);
- if (trusted)
+ if (entry->trusted)
{
this->trusted->insert_last(this->trusted, cert->get_ref(cert));
}
@@ -135,8 +145,7 @@ static bool load_certificates(private_pkcs11_creds_t *this)
return FALSE;
}
- find_certificates(this, session, CK_TRUE);
- find_certificates(this, session, CK_FALSE);
+ find_certificates(this, session);
this->lib->f->C_CloseSession(session);
return TRUE;
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-10 05:13:59 +0000