Diffstat (limited to 'src/libstrongswan/plugins/x509')
-rw-r--r-- | src/libstrongswan/plugins/x509/Makefile.in | 2 | ||||
-rw-r--r-- | src/libstrongswan/plugins/x509/x509_ac.c | 27 | ||||
-rw-r--r-- | src/libstrongswan/plugins/x509/x509_cert.c | 15 | ||||
-rw-r--r-- | src/libstrongswan/plugins/x509/x509_crl.c | 47 | ||||
-rw-r--r-- | src/libstrongswan/plugins/x509/x509_ocsp_request.c | 33 | ||||
-rw-r--r-- | src/libstrongswan/plugins/x509/x509_ocsp_response.c | 42 |
6 files changed, 94 insertions, 72 deletions
diff --git a/src/libstrongswan/plugins/x509/Makefile.in b/src/libstrongswan/plugins/x509/Makefile.in
index 9178d6c8c..01093e862 100644
--- a/src/libstrongswan/plugins/x509/Makefile.in
+++ b/src/libstrongswan/plugins/x509/Makefile.in
@@ -189,6 +189,8 @@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@
diff --git a/src/libstrongswan/plugins/x509/x509_ac.c b/src/libstrongswan/plugins/x509/x509_ac.c
index cfa38c66b..caae5e08d 100644
--- a/src/libstrongswan/plugins/x509/x509_ac.c
+++ b/src/libstrongswan/plugins/x509/x509_ac.c
@@ -1054,6 +1054,7 @@ static void add(private_builder_t *this, builder_part_t part, ...)
 {
 va_list args;
 certificate_t *cert;
+ chunk_t chunk;
 va_start(args, part);
 switch (part)
@@ -1070,7 +1071,8 @@ static void add(private_builder_t *this, builder_part_t part, ...)
 {
 destroy(this->ac);
 }
- this->ac = create_from_chunk(va_arg(args, chunk_t));
+ chunk = va_arg(args, chunk_t);
+ this->ac = create_from_chunk(chunk_clone(chunk));
 break;
 case BUILD_NOT_BEFORE_TIME:
 this->ac->notBefore = va_arg(args, time_t);
@@ -1079,7 +1081,8 @@ static void add(private_builder_t *this, builder_part_t part, ...)
 this->ac->notAfter = va_arg(args, time_t);
 break;
 case BUILD_SERIAL:
- this->ac->serialNumber = va_arg(args, chunk_t);
+ chunk = va_arg(args, chunk_t);
+ this->ac->serialNumber = chunk_clone(chunk);
 break;
 case BUILD_IETF_GROUP_ATTR:
 ietfAttr_list_create_from_string(va_arg(args, char*), 
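Review bot: In the `BUILD_BLOB_ASN1_DER` case of add() in x509_ac.c, the result of `create_from_chunk(chunk_clone(chunk))` is stored in `this->ac` unchecked, while the cases directly below (`this->ac->notBefore = ...`, `this->ac->serialNumber = ...`) dereference `this->ac`. If create_from_chunk() can return NULL for a blob that fails to parse (its body is not in this diff), a later part in the same build would dereference a NULL pointer. Treating a failed parse like the unsupported-part path would close that, e.g. `if (this->ac == NULL) { builder_cancel(&this->public); }` right after the assignment, assuming builder_cancel() keeps later add() calls away from this switch. add() starts and ends outside these hunks.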
@@ -1089,29 +1092,27 @@ static void add(private_builder_t *this, builder_part_t part, ...)
 cert = va_arg(args, certificate_t*);
 if (cert->get_type(cert) == CERT_X509)
 {
- this->ac->holderCert = cert;
- }
- else
- {
- cert->destroy(cert);
+ this->ac->holderCert = cert->get_ref(cert);
 }
 break;
 case BUILD_SIGNING_CERT:
 cert = va_arg(args, certificate_t*);
 if (cert->get_type(cert) == CERT_X509)
 {
- this->ac->signerCert = cert;
- }
- else
- {
- cert->destroy(cert);
+ this->ac->signerCert = cert->get_ref(cert);
 }
 break;
 case BUILD_SIGNING_KEY:
 this->ac->signerKey = va_arg(args, private_key_t*);
+ this->ac->signerKey->get_ref(this->ac->signerKey);
 break;
 default:
- DBG1("ignoring unsupported build part %N", builder_part_names, part);
+ /* abort if unsupported option */
+ if (this->ac)
+ {
+ destroy(this->ac);
+ }
+ builder_cancel(&this->public);
 break;
 }
 va_end(args);
diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c
index 714258865..c82d14a17 100644
--- a/src/libstrongswan/plugins/x509/x509_cert.c
+++ b/src/libstrongswan/plugins/x509/x509_cert.c
@@ -17,7 +17,7 @@
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
 *
- * $Id: x509_cert.c 4051 2008-06-10 09:08:27Z tobias $
+ * $Id: x509_cert.c 4317 2008-09-02 11:00:13Z martin $
 */
 #define _GNU_SOURCE
@@ -722,7 +722,7 @@ static bool parse_certificate(private_x509_cert_t *this)
 break;
 case X509_OBJ_SUBJECT_PUBLIC_KEY_INFO:
 this->public_key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY,
- KEY_ANY, BUILD_BLOB_ASN1_DER, chunk_clone(object), BUILD_END);
+ KEY_ANY, BUILD_BLOB_ASN1_DER, object, BUILD_END);
 if (this->public_key == NULL)
 {
 DBG1("could not create public key");
@@ -1251,6 +1251,7 @@ static private_x509_cert_t *build(private_builder_t *this)
 static void add(private_builder_t *this, builder_part_t part, ...)
 {
 va_list args;
+ chunk_t chunk;
 va_start(args, part);
 switch (part) 
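Review bot: The new `default:` branch in x509_ac.c calls `destroy(this->ac)` but leaves `this->ac` pointing at the freed object, so memory safety now depends on builder_cancel() guaranteeing that neither add() nor build() touches the builder state again; builder_cancel() is not part of this diff. Adding `this->ac = NULL;` after the destroy call makes the branch safe on its own. The same pattern appears in the `default:` branches of x509_cert.c and x509_ocsp_request.c and at the end of add() in x509_crl.c and x509_ocsp_response.c. add() begins before this hunk.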
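Review bot: Passing `object` instead of `chunk_clone(object)` in parse_certificate() is only safe if every builder that can serve `CRED_PUBLIC_KEY` with `BUILD_BLOB_ASN1_DER` now copies the blob. `object` presumably points into the certificate's own encoding, so a key builder that still takes ownership and frees it would corrupt or double-free that buffer. The public-key builders are outside the diffstat shown here (limited to plugins/x509), so this cannot be confirmed from the page. A comment on the call such as `/* builder clones the blob, object stays owned by the certificate */` would record the contract. parse_certificate() starts and ends outside the hunk.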
@@ -1259,13 +1260,19 @@ static void add(private_builder_t *this, builder_part_t part, ...)
 this->cert = create_from_file(va_arg(args, char*));
 break;
 case BUILD_BLOB_ASN1_DER:
- this->cert = create_from_chunk(va_arg(args, chunk_t));
+ chunk = va_arg(args, chunk_t);
+ this->cert = create_from_chunk(chunk_clone(chunk));
 break;
 case BUILD_X509_FLAG:
 this->flags = va_arg(args, x509_flag_t);
 break;
 default:
- DBG1("ignoring unsupported build part %N", builder_part_names, part);
+ /* abort if unsupported option */
+ if (this->cert)
+ {
+ destroy(this->cert);
+ }
+ builder_cancel(&this->public);
 break;
 }
 va_end(args);
diff --git a/src/libstrongswan/plugins/x509/x509_crl.c b/src/libstrongswan/plugins/x509/x509_crl.c
index 3bdda1701..eb9bfe903 100644
--- a/src/libstrongswan/plugins/x509/x509_crl.c
+++ b/src/libstrongswan/plugins/x509/x509_crl.c
@@ -12,7 +12,7 @@
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
 *
- * $Id: x509_crl.c 4091 2008-06-22 17:41:07Z andreas $
+ * $Id: x509_crl.c 4317 2008-09-02 11:00:13Z martin $
 */
 #include "x509_crl.h" 
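Review bot: In x509_cert.c both `BUILD_FROM_FILE` and `BUILD_BLOB_ASN1_DER` assign `this->cert` without releasing a certificate created by an earlier part, so a build that passes two source parts leaks the first object. x509_ac.c appears to release the old object before its assignment, and x509_crl.c refuses a second source. Doing the same here, e.g. `if (this->cert) { destroy(this->cert); }` before each assignment, would keep the builders consistent. add() ends outside the hunk.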
@@ -693,30 +693,37 @@ static private_x509_crl_t *build(private_builder_t *this)
 */
 static void add(private_builder_t *this, builder_part_t part, ...)
 {
- va_list args;
-
- if (this->crl)
+ if (!this->crl)
 {
- DBG1("ignoring surplus build part %N", builder_part_names, part);
- return;
- }
+ va_list args;
+ chunk_t chunk;
- va_start(args, part);
- switch (part)
- {
- case BUILD_FROM_FILE:
- this->crl = create_from_file(va_arg(args, char*));
- break;
- case BUILD_BLOB_ASN1_DER:
+ switch (part)
 {
- this->crl = create_from_chunk(va_arg(args, chunk_t));
- break;
+ case BUILD_FROM_FILE:
+ {
+ va_start(args, part);
+ this->crl = create_from_file(va_arg(args, char*));
+ va_end(args);
+ return;
+ }
+ case BUILD_BLOB_ASN1_DER:
+ {
+ va_start(args, part);
+ chunk = va_arg(args, chunk_t);
+ this->crl = create_from_chunk(chunk_clone(chunk));
+ va_end(args);
+ return;
+ }
+ default:
+ break;
 }
- default:
- DBG1("ignoring unsupported build part %N", builder_part_names, part);
- break;
 }
- va_end(args);
+ if (this->crl)
+ {
+ destroy(this->crl);
+ }
+ builder_cancel(&this->public);
 }
 /**
diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_request.c b/src/libstrongswan/plugins/x509/x509_ocsp_request.c
index 590a974f7..7b97b990d 100644
--- a/src/libstrongswan/plugins/x509/x509_ocsp_request.c
+++ b/src/libstrongswan/plugins/x509/x509_ocsp_request.c
@@ -14,7 +14,7 @@
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
 *
- * $Id: x509_ocsp_request.c 4091 2008-06-22 17:41:07Z andreas $
+ * $Id: x509_ocsp_request.c 4317 2008-09-02 11:00:13Z martin $
 */
 #include "x509_ocsp_request.h"
@@ -547,6 +547,8 @@ static void add(private_builder_t *this, builder_part_t part, ...)
 {
 va_list args;
 certificate_t *cert;
+ identification_t *subject;
+ private_key_t *private;
 va_start(args, part);
 switch (part) 
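Review bot: After this rewrite of add() in x509_crl.c, any call that arrives once `this->crl` is set falls through to `destroy(this->crl)` and `builder_cancel()`, so a surplus part now discards a CRL that was already loaded successfully, and with both `DBG1` calls removed nothing is logged when that happens. A CRL that silently fails to build is hard to tell apart from one that was never configured, which matters when revocation checking depends on it. Keeping one message before the cancel, e.g. `DBG1("cancelling CRL build, unexpected part %N", builder_part_names, part);`, would keep the failure visible. The add() in x509_ocsp_response.c is restructured the same way.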
@@ -555,35 +557,36 @@ static void add(private_builder_t *this, builder_part_t part, ...)
 cert = va_arg(args, certificate_t*);
 if (cert->get_type(cert) == CERT_X509)
 {
- this->req->ca = (x509_t*)cert;
- }
- else
- {
- cert->destroy(cert);
+ this->req->ca = (x509_t*)cert->get_ref(cert);
 }
 break;
 case BUILD_CERT:
 cert = va_arg(args, certificate_t*);
 if (cert->get_type(cert) == CERT_X509)
 {
- this->req->candidates->insert_last(this->req->candidates, cert);
- }
- else
- {
- cert->destroy(cert);
+ this->req->candidates->insert_last(this->req->candidates,
+ cert->get_ref(cert));
 }
 break;
 case BUILD_SIGNING_CERT:
- this->req->cert = va_arg(args, certificate_t*);
+ cert = va_arg(args, certificate_t*);
+ this->req->cert = cert->get_ref(cert);
 break;
 case BUILD_SIGNING_KEY:
- this->req->key = va_arg(args, private_key_t*);
+ private = va_arg(args, private_key_t*);
+ this->req->key = private->get_ref(private);
 break;
 case BUILD_SUBJECT:
- this->req->requestor = va_arg(args, identification_t*);
+ subject = va_arg(args, identification_t*);
+ this->req->requestor = subject->clone(subject);
 break;
 default:
- DBG1("ignoring unsupported build part %N", builder_part_names, part);
+ /* cancel if option not supported */
+ if (this->req)
+ {
+ destroy(this->req);
+ }
+ builder_cancel(&this->public);
 break;
 }
 va_end(args);
diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_response.c b/src/libstrongswan/plugins/x509/x509_ocsp_response.c
index 33cf73cd2..01f35864d 100644
--- a/src/libstrongswan/plugins/x509/x509_ocsp_response.c
+++ b/src/libstrongswan/plugins/x509/x509_ocsp_response.c
@@ -14,7 +14,7 @@
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
 *
- * $Id: x509_ocsp_response.c 4091 2008-06-22 17:41:07Z andreas $
+ * $Id: x509_ocsp_response.c 4317 2008-09-02 11:00:13Z martin $
 */
 #include "x509_ocsp_response.h" 
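Review bot: A certificate of the wrong type passed as the CA certificate or as `BUILD_CERT` in x509_ocsp_request.c is now skipped without any effect, while an unsupported part cancels the whole build, so the builder fails closed on unknown parts but open on a bad certificate. For `BUILD_CERT` this means the request can be built without the certificate the caller meant to have checked. An `else` branch that runs the same `destroy(this->req); builder_cancel(&this->public);` sequence as `default:` would make the two paths consistent. The `holderCert` and `signerCert` cases in x509_ac.c have the same gap. add() starts and ends outside the hunk.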
@@ -560,8 +560,7 @@ static bool parse_basicOCSPResponse(private_x509_ocsp_response_t *this,
 case BASIC_RESPONSE_CERTIFICATE:
 {
 cert = lib->creds->create(lib->creds, CRED_CERTIFICATE,CERT_X509,
- BUILD_BLOB_ASN1_DER,
- chunk_clone(object),
+ BUILD_BLOB_ASN1_DER, object,
 BUILD_END);
 if (cert)
 {
@@ -944,27 +943,30 @@ static x509_ocsp_response_t *build(private_builder_t *this)
 */
 static void add(private_builder_t *this, builder_part_t part, ...)
 {
- va_list args;
-
- if (this->res)
- {
- DBG1("ignoring surplus build part %N", builder_part_names, part);
- return;
- }
-
- switch (part)
+ if (!this->res)
 {
- case BUILD_BLOB_ASN1_DER:
+ va_list args;
+ chunk_t chunk;
+
+ switch (part)
 {
- va_start(args, part);
- this->res = load(va_arg(args, chunk_t));
- va_end(args);
- break;
+ case BUILD_BLOB_ASN1_DER:
+ {
+ va_start(args, part);
+ chunk = va_arg(args, chunk_t);
+ this->res = load(chunk_clone(chunk));
+ va_end(args);
+ return;
+ }
+ default:
+ break;
 }
- default:
- DBG1("ignoring unsupported build part %N", builder_part_names, part);
- break;
 }
+ if (this->res)
+ {
+ destroy((private_x509_ocsp_response_t*)this->res);
+ }
+ builder_cancel(&this->public);
 }
 /** |