diff options
Diffstat (limited to 'src/pluto/ca.c')
-rw-r--r-- | src/pluto/ca.c | 33 |
1 files changed, 20 insertions, 13 deletions
diff --git a/src/pluto/ca.c b/src/pluto/ca.c index d1be22e2f..099699056 100644 --- a/src/pluto/ca.c +++ b/src/pluto/ca.c @@ -11,7 +11,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: ca.c,v 1.10 2005/12/25 12:29:55 as Exp $ + * RCSID $Id: ca.c 3252 2007-10-06 21:24:50Z andreas $ */ #include <stdlib.h> @@ -131,11 +131,21 @@ match_requested_ca(generalName_t *requested_ca, chunk_t our_ca, int *our_pathlen if (trusted_ca(our_ca, requested_ca->name, &pathlen) && pathlen < *our_pathlen) + { *our_pathlen = pathlen; + } requested_ca = requested_ca->next; } - return *our_pathlen <= MAX_CA_PATH_LEN; + if (*our_pathlen > MAX_CA_PATH_LEN) + { + *our_pathlen = MAX_CA_PATH_LEN; + return FALSE; + } + else + { + return TRUE; + } } /* @@ -197,7 +207,7 @@ get_authcert(chunk_t subject, chunk_t serial, chunk_t keyid, u_char auth_flags) /* * add an authority certificate to the chained list */ -bool +x509cert_t* add_authcert(x509cert_t *cert, u_char auth_flags) { x509cert_t *old_cert; @@ -222,7 +232,7 @@ add_authcert(x509cert_t *cert, u_char auth_flags) unlock_authcert_list("add_authcert"); free_x509cert(cert); - return FALSE; + return old_cert; } else { @@ -242,7 +252,7 @@ add_authcert(x509cert_t *cert, u_char auth_flags) DBG_log(" authcert inserted") ) unlock_authcert_list("add_authcert"); - return TRUE; + return cert; } /* @@ -623,15 +633,12 @@ add_ca_info(const whack_message_t *msg) unlock_ca_info_list("add_ca_info"); /* add cacert to list of authcerts */ - if (!cached_cert) + if (!cached_cert && sc != NULL) { - if (add_authcert(cacert, AUTH_CA) && sc != NULL) - { - if (sc->last_cert.type == CERT_X509_SIGNATURE) - sc->last_cert.u.x509->count--; - sc->last_cert = cert; - share_cert(sc->last_cert); - } + if (sc->last_cert.type == CERT_X509_SIGNATURE) + sc->last_cert.u.x509->count--; + sc->last_cert.u.x509 = add_authcert(cacert, AUTH_CA); + share_cert(sc->last_cert); } if (sc != NULL) time(&sc->last_load); |