summaryrefslogtreecommitdiff
path: root/src/libstrongswan/plugins/x509/x509_ocsp_response.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/libstrongswan/plugins/x509/x509_ocsp_response.c')
-rw-r--r--src/libstrongswan/plugins/x509/x509_ocsp_response.c16
1 files changed, 12 insertions, 4 deletions
diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_response.c b/src/libstrongswan/plugins/x509/x509_ocsp_response.c
index 7dfef3993..27497e0e3 100644
--- a/src/libstrongswan/plugins/x509/x509_ocsp_response.c
+++ b/src/libstrongswan/plugins/x509/x509_ocsp_response.c
@@ -201,19 +201,22 @@ METHOD(ocsp_response_t, get_status, cert_validation_t,
/* check issuerNameHash, if available */
else if (response->issuerNameHash.ptr)
{
+ id = issuercert->get_subject(issuercert);
hasher = lib->crypto->create_hasher(lib->crypto,
hasher_algorithm_from_oid(response->hashAlgorithm));
- if (!hasher)
+ if (!hasher ||
+ !hasher->allocate_hash(hasher, id->get_encoding(id), &hash))
{
+ DESTROY_IF(hasher);
continue;
}
- id = issuercert->get_subject(issuercert);
- hasher->allocate_hash(hasher, id->get_encoding(id), &hash);
hasher->destroy(hasher);
if (!chunk_equals(hash, response->issuerNameHash))
{
+ free(hash.ptr);
continue;
}
+ free(hash.ptr);
}
else
{
@@ -670,7 +673,8 @@ METHOD(certificate_t, has_issuer, id_match_t,
}
METHOD(certificate_t, issued_by, bool,
- private_x509_ocsp_response_t *this, certificate_t *issuer)
+ private_x509_ocsp_response_t *this, certificate_t *issuer,
+ signature_scheme_t *schemep)
{
public_key_t *key;
signature_scheme_t scheme;
@@ -722,6 +726,10 @@ METHOD(certificate_t, issued_by, bool,
}
valid = key->verify(key, scheme, this->tbsResponseData, this->signature);
key->destroy(key);
+ if (valid && schemep)
+ {
+ *schemep = scheme;
+ }
return valid;
}