diff options
Diffstat (limited to 'src/libstrongswan/plugins/revocation/revocation_validator.c')
| -rw-r--r-- | src/libstrongswan/plugins/revocation/revocation_validator.c | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/src/libstrongswan/plugins/revocation/revocation_validator.c b/src/libstrongswan/plugins/revocation/revocation_validator.c index 34f347d1a..c8ec3f723 100644 --- a/src/libstrongswan/plugins/revocation/revocation_validator.c +++ b/src/libstrongswan/plugins/revocation/revocation_validator.c @@ -17,7 +17,7 @@ #include "revocation_validator.h" -#include <debug.h> +#include <utils/debug.h> #include <credentials/certificates/x509.h> #include <credentials/certificates/crl.h> #include <credentials/certificates/ocsp_request.h> @@ -103,7 +103,7 @@ static bool verify_ocsp(ocsp_response_t *response, auth_cfg_t *auth) bool verified = FALSE; wrapper = ocsp_response_wrapper_create((ocsp_response_t*)response); - lib->credmgr->add_local_set(lib->credmgr, &wrapper->set); + lib->credmgr->add_local_set(lib->credmgr, &wrapper->set, FALSE); subject = &response->certificate; responder = subject->get_issuer(subject); @@ -111,7 +111,7 @@ static bool verify_ocsp(ocsp_response_t *response, auth_cfg_t *auth) KEY_ANY, responder, FALSE); while (enumerator->enumerate(enumerator, &issuer, ¤t)) { - if (lib->credmgr->issued_by(lib->credmgr, subject, issuer)) + if (lib->credmgr->issued_by(lib->credmgr, subject, issuer, NULL)) { DBG1(DBG_CFG, " ocsp response correctly signed by \"%Y\"", issuer->get_subject(issuer)); @@ -341,7 +341,7 @@ static bool verify_crl(certificate_t *crl, auth_cfg_t *auth) KEY_ANY, crl->get_issuer(crl), FALSE); while (enumerator->enumerate(enumerator, &issuer, ¤t)) { - if (lib->credmgr->issued_by(lib->credmgr, crl, issuer)) + if (lib->credmgr->issued_by(lib->credmgr, crl, issuer, NULL)) { DBG1(DBG_CFG, " crl correctly signed by \"%Y\"", issuer->get_subject(issuer)); @@ -691,6 +691,8 @@ METHOD(cert_validator_t, validate, bool, case VALIDATION_REVOKED: case VALIDATION_ON_HOLD: /* has already been logged */ + lib->credmgr->call_hook(lib->credmgr, CRED_HOOK_REVOKED, + subject); return FALSE; case VALIDATION_SKIPPED: DBG2(DBG_CFG, "ocsp check skipped, no ocsp found"); @@ -711,6 +713,8 @@ METHOD(cert_validator_t, validate, bool, case VALIDATION_REVOKED: case VALIDATION_ON_HOLD: /* has already been logged */ + lib->credmgr->call_hook(lib->credmgr, CRED_HOOK_REVOKED, + subject); return FALSE; case VALIDATION_FAILED: case VALIDATION_SKIPPED: @@ -720,6 +724,8 @@ METHOD(cert_validator_t, validate, bool, DBG1(DBG_CFG, "certificate status is unknown, crl is stale"); break; } + lib->credmgr->call_hook(lib->credmgr, CRED_HOOK_VALIDATION_FAILED, + subject); } return TRUE; } |