Diffstat (limited to 'src/libstrongswan/plugins/x509')
-rw-r--r--src/libstrongswan/plugins/x509/Makefile.in2
-rw-r--r--src/libstrongswan/plugins/x509/x509_ac.c27
-rw-r--r--src/libstrongswan/plugins/x509/x509_cert.c15
-rw-r--r--src/libstrongswan/plugins/x509/x509_crl.c47
-rw-r--r--src/libstrongswan/plugins/x509/x509_ocsp_request.c33
-rw-r--r--src/libstrongswan/plugins/x509/x509_ocsp_response.c42
6 files changed, 94 insertions, 72 deletions
diff --git a/src/libstrongswan/plugins/x509/Makefile.in b/src/libstrongswan/plugins/x509/Makefile.in
index 9178d6c8c..01093e862 100644
--- a/src/libstrongswan/plugins/x509/Makefile.in
+++ b/src/libstrongswan/plugins/x509/Makefile.in
@@ -189,6 +189,8 @@ localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
piddir = @piddir@
diff --git a/src/libstrongswan/plugins/x509/x509_ac.c b/src/libstrongswan/plugins/x509/x509_ac.c
index cfa38c66b..caae5e08d 100644
--- a/src/libstrongswan/plugins/x509/x509_ac.c
+++ b/src/libstrongswan/plugins/x509/x509_ac.c
@@ -1054,6 +1054,7 @@ static void add(private_builder_t *this, builder_part_t part, ...)
{
va_list args;
certificate_t *cert;
+ chunk_t chunk;
va_start(args, part);
switch (part)
@@ -1070,7 +1071,8 @@ static void add(private_builder_t *this, builder_part_t part, ...)
{
destroy(this->ac);
}
- this->ac = create_from_chunk(va_arg(args, chunk_t));
+ chunk = va_arg(args, chunk_t);
+ this->ac = create_from_chunk(chunk_clone(chunk));
break;
case BUILD_NOT_BEFORE_TIME:
this->ac->notBefore = va_arg(args, time_t);
@@ -1079,7 +1081,8 @@ static void add(private_builder_t *this, builder_part_t part, ...)
this->ac->notAfter = va_arg(args, time_t);
break;
case BUILD_SERIAL:
- this->ac->serialNumber = va_arg(args, chunk_t);
+ chunk = va_arg(args, chunk_t);
+ this->ac->serialNumber = chunk_clone(chunk);
break;
case BUILD_IETF_GROUP_ATTR:
ietfAttr_list_create_from_string(va_arg(args, char*),
@@ -1089,29 +1092,27 @@ static void add(private_builder_t *this, builder_part_t part, ...)
cert = va_arg(args, certificate_t*);
if (cert->get_type(cert) == CERT_X509)
{
- this->ac->holderCert = cert;
- }
- else
- {
- cert->destroy(cert);
+ this->ac->holderCert = cert->get_ref(cert);
}
break;
case BUILD_SIGNING_CERT:
cert = va_arg(args, certificate_t*);
if (cert->get_type(cert) == CERT_X509)
{
- this->ac->signerCert = cert;
- }
- else
- {
- cert->destroy(cert);
+ this->ac->signerCert = cert->get_ref(cert);
}
break;
case BUILD_SIGNING_KEY:
this->ac->signerKey = va_arg(args, private_key_t*);
+ this->ac->signerKey->get_ref(this->ac->signerKey);
break;
default:
- DBG1("ignoring unsupported build part %N", builder_part_names, part);
+ /* abort if unsupported option */
+ if (this->ac)
+ {
+ destroy(this->ac);
+ }
+ builder_cancel(&this->public);
break;
}
va_end(args);
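Review bot: The two `cert->get_type(cert) == CERT_X509` checks now fail open: a certificate of any other type is skipped silently and the build carries on with `holderCert` or `signerCert` unset, while an unknown part in the `default` branch cancels the whole build. A wrong-type holder or signer is a caller error that deserves the same treatment, so each check should get an `else` that cancels the build the way `default` does, or at minimum a `DBG1` naming the rejected part. The same silent skip is in the two type checks at the top of the x509_ocsp_request.c hunk. add() starts above this hunk, so whether build() later rejects a missing signer cannot be seen here.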
diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c
index 714258865..c82d14a17 100644
--- a/src/libstrongswan/plugins/x509/x509_cert.c
+++ b/src/libstrongswan/plugins/x509/x509_cert.c
@@ -17,7 +17,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: x509_cert.c 4051 2008-06-10 09:08:27Z tobias $
+ * $Id: x509_cert.c 4317 2008-09-02 11:00:13Z martin $
*/
#define _GNU_SOURCE
@@ -722,7 +722,7 @@ static bool parse_certificate(private_x509_cert_t *this)
break;
case X509_OBJ_SUBJECT_PUBLIC_KEY_INFO:
this->public_key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY,
- KEY_ANY, BUILD_BLOB_ASN1_DER, chunk_clone(object), BUILD_END);
+ KEY_ANY, BUILD_BLOB_ASN1_DER, object, BUILD_END);
if (this->public_key == NULL)
{
DBG1("could not create public key");
@@ -1251,6 +1251,7 @@ static private_x509_cert_t *build(private_builder_t *this)
static void add(private_builder_t *this, builder_part_t part, ...)
{
va_list args;
+ chunk_t chunk;
va_start(args, part);
switch (part)
@@ -1259,13 +1260,19 @@ static void add(private_builder_t *this, builder_part_t part, ...)
this->cert = create_from_file(va_arg(args, char*));
break;
case BUILD_BLOB_ASN1_DER:
- this->cert = create_from_chunk(va_arg(args, chunk_t));
+ chunk = va_arg(args, chunk_t);
+ this->cert = create_from_chunk(chunk_clone(chunk));
break;
case BUILD_X509_FLAG:
this->flags = va_arg(args, x509_flag_t);
break;
default:
- DBG1("ignoring unsupported build part %N", builder_part_names, part);
+ /* abort if unsupported option */
+ if (this->cert)
+ {
+ destroy(this->cert);
+ }
+ builder_cancel(&this->public);
break;
}
va_end(args);
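Review bot: `BUILD_BLOB_ASN1_DER` assigns `this->cert` without releasing a certificate that an earlier part may already have created, so a caller that supplies both the file part and a DER blob loses the first object. The x509_ac.c hunk in this commit guards the same assignment with `if (this->ac) { destroy(this->ac); }`; the equivalent here is `if (this->cert) { destroy(this->cert); }` ahead of `create_from_chunk(...)` and of `create_from_file(...)`. Whether `create_from_chunk()` frees the cloned chunk when parsing fails is outside the hunk and should be confirmed now that the builder owns the copy.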
diff --git a/src/libstrongswan/plugins/x509/x509_crl.c b/src/libstrongswan/plugins/x509/x509_crl.c
index 3bdda1701..eb9bfe903 100644
--- a/src/libstrongswan/plugins/x509/x509_crl.c
+++ b/src/libstrongswan/plugins/x509/x509_crl.c
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: x509_crl.c 4091 2008-06-22 17:41:07Z andreas $
+ * $Id: x509_crl.c 4317 2008-09-02 11:00:13Z martin $
*/
#include "x509_crl.h"
@@ -693,30 +693,37 @@ static private_x509_crl_t *build(private_builder_t *this)
*/
static void add(private_builder_t *this, builder_part_t part, ...)
{
- va_list args;
-
- if (this->crl)
+ if (!this->crl)
{
- DBG1("ignoring surplus build part %N", builder_part_names, part);
- return;
- }
+ va_list args;
+ chunk_t chunk;
- va_start(args, part);
- switch (part)
- {
- case BUILD_FROM_FILE:
- this->crl = create_from_file(va_arg(args, char*));
- break;
- case BUILD_BLOB_ASN1_DER:
+ switch (part)
{
- this->crl = create_from_chunk(va_arg(args, chunk_t));
- break;
+ case BUILD_FROM_FILE:
+ {
+ va_start(args, part);
+ this->crl = create_from_file(va_arg(args, char*));
+ va_end(args);
+ return;
+ }
+ case BUILD_BLOB_ASN1_DER:
+ {
+ va_start(args, part);
+ chunk = va_arg(args, chunk_t);
+ this->crl = create_from_chunk(chunk_clone(chunk));
+ va_end(args);
+ return;
+ }
+ default:
+ break;
}
- default:
- DBG1("ignoring unsupported build part %N", builder_part_names, part);
- break;
}
- va_end(args);
+ if (this->crl)
+ {
+ destroy(this->crl);
+ }
+ builder_cancel(&this->public);
}
/**
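Review bot: After `destroy(this->crl)` the pointer is left non-NULL, so a second call to add() on the same builder would skip the `if (!this->crl)` block and run `destroy(this->crl)` again on freed memory. That is only safe if `builder_cancel()` guarantees add() is never entered again, and its body is not part of this diff. Resetting the field with `this->crl = NULL;` right after the destroy removes that dependency. The same destroy-without-reset appears in the cancel paths of x509_ac.c, x509_cert.c, x509_ocsp_request.c and x509_ocsp_response.c in this commit.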
diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_request.c b/src/libstrongswan/plugins/x509/x509_ocsp_request.c
index 590a974f7..7b97b990d 100644
--- a/src/libstrongswan/plugins/x509/x509_ocsp_request.c
+++ b/src/libstrongswan/plugins/x509/x509_ocsp_request.c
@@ -14,7 +14,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: x509_ocsp_request.c 4091 2008-06-22 17:41:07Z andreas $
+ * $Id: x509_ocsp_request.c 4317 2008-09-02 11:00:13Z martin $
*/
#include "x509_ocsp_request.h"
@@ -547,6 +547,8 @@ static void add(private_builder_t *this, builder_part_t part, ...)
{
va_list args;
certificate_t *cert;
+ identification_t *subject;
+ private_key_t *private;
va_start(args, part);
switch (part)
@@ -555,35 +557,36 @@ static void add(private_builder_t *this, builder_part_t part, ...)
cert = va_arg(args, certificate_t*);
if (cert->get_type(cert) == CERT_X509)
{
- this->req->ca = (x509_t*)cert;
- }
- else
- {
- cert->destroy(cert);
+ this->req->ca = (x509_t*)cert->get_ref(cert);
}
break;
case BUILD_CERT:
cert = va_arg(args, certificate_t*);
if (cert->get_type(cert) == CERT_X509)
{
- this->req->candidates->insert_last(this->req->candidates, cert);
- }
- else
- {
- cert->destroy(cert);
+ this->req->candidates->insert_last(this->req->candidates,
+ cert->get_ref(cert));
}
break;
case BUILD_SIGNING_CERT:
- this->req->cert = va_arg(args, certificate_t*);
+ cert = va_arg(args, certificate_t*);
+ this->req->cert = cert->get_ref(cert);
break;
case BUILD_SIGNING_KEY:
- this->req->key = va_arg(args, private_key_t*);
+ private = va_arg(args, private_key_t*);
+ this->req->key = private->get_ref(private);
break;
case BUILD_SUBJECT:
- this->req->requestor = va_arg(args, identification_t*);
+ subject = va_arg(args, identification_t*);
+ this->req->requestor = subject->clone(subject);
break;
default:
- DBG1("ignoring unsupported build part %N", builder_part_names, part);
+ /* cancel if option not supported */
+ if (this->req)
+ {
+ destroy(this->req);
+ }
+ builder_cancel(&this->public);
break;
}
va_end(args);
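Review bot: `BUILD_SIGNING_CERT`, `BUILD_SIGNING_KEY` and `BUILD_SUBJECT` now call a method on the argument (`cert->get_ref(cert)`, `private->get_ref(private)`, `subject->clone(subject)`), where the old code only stored the pointer, so a NULL argument that used to be accepted now crashes the builder. If any caller passes NULL for an unsigned request (callers are not visible here), each case needs a guard such as `this->req->cert = cert ? cert->get_ref(cert) : NULL;`. `BUILD_SIGNING_KEY` in the x509_ac.c hunk has the same shape. Passing one of these parts twice also overwrites the earlier reference without releasing it.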
diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_response.c b/src/libstrongswan/plugins/x509/x509_ocsp_response.c
index 33cf73cd2..01f35864d 100644
--- a/src/libstrongswan/plugins/x509/x509_ocsp_response.c
+++ b/src/libstrongswan/plugins/x509/x509_ocsp_response.c
@@ -14,7 +14,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: x509_ocsp_response.c 4091 2008-06-22 17:41:07Z andreas $
+ * $Id: x509_ocsp_response.c 4317 2008-09-02 11:00:13Z martin $
*/
#include "x509_ocsp_response.h"
@@ -560,8 +560,7 @@ static bool parse_basicOCSPResponse(private_x509_ocsp_response_t *this,
case BASIC_RESPONSE_CERTIFICATE:
{
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE,CERT_X509,
- BUILD_BLOB_ASN1_DER,
- chunk_clone(object),
+ BUILD_BLOB_ASN1_DER, object,
BUILD_END);
if (cert)
{
@@ -944,27 +943,30 @@ static x509_ocsp_response_t *build(private_builder_t *this)
*/
static void add(private_builder_t *this, builder_part_t part, ...)
{
- va_list args;
-
- if (this->res)
- {
- DBG1("ignoring surplus build part %N", builder_part_names, part);
- return;
- }
-
- switch (part)
+ if (!this->res)
{
- case BUILD_BLOB_ASN1_DER:
+ va_list args;
+ chunk_t chunk;
+
+ switch (part)
{
- va_start(args, part);
- this->res = load(va_arg(args, chunk_t));
- va_end(args);
- break;
+ case BUILD_BLOB_ASN1_DER:
+ {
+ va_start(args, part);
+ chunk = va_arg(args, chunk_t);
+ this->res = load(chunk_clone(chunk));
+ va_end(args);
+ return;
+ }
+ default:
+ break;
}
- default:
- DBG1("ignoring unsupported build part %N", builder_part_names, part);
- break;
}
+ if (this->res)
+ {
+ destroy((private_x509_ocsp_response_t*)this->res);
+ }
+ builder_cancel(&this->public);
}
/**
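Review bot: The rewritten add() drops both `DBG1` messages, so a surplus or unsupported part now cancels the build with nothing in the log to say which part was rejected. A line such as `DBG1("cancelling build, unsupported part %N", builder_part_names, part);` ahead of `builder_cancel(&this->public);` would keep failed OCSP response loads diagnosable. The other add() functions changed in this commit lose the same message in their cancel paths.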