summaryrefslogtreecommitdiff
path: root/src/pluto/ca.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/pluto/ca.c')
-rw-r--r--src/pluto/ca.c33
1 files changed, 20 insertions, 13 deletions
diff --git a/src/pluto/ca.c b/src/pluto/ca.c
index d1be22e2f..099699056 100644
--- a/src/pluto/ca.c
+++ b/src/pluto/ca.c
@@ -11,7 +11,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: ca.c,v 1.10 2005/12/25 12:29:55 as Exp $
+ * RCSID $Id: ca.c 3252 2007-10-06 21:24:50Z andreas $
*/
#include <stdlib.h>
@@ -131,11 +131,21 @@ match_requested_ca(generalName_t *requested_ca, chunk_t our_ca, int *our_pathlen
if (trusted_ca(our_ca, requested_ca->name, &pathlen)
&& pathlen < *our_pathlen)
+ {
*our_pathlen = pathlen;
+ }
requested_ca = requested_ca->next;
}
- return *our_pathlen <= MAX_CA_PATH_LEN;
+ if (*our_pathlen > MAX_CA_PATH_LEN)
+ {
+ *our_pathlen = MAX_CA_PATH_LEN;
+ return FALSE;
+ }
+ else
+ {
+ return TRUE;
+ }
}
/*
@@ -197,7 +207,7 @@ get_authcert(chunk_t subject, chunk_t serial, chunk_t keyid, u_char auth_flags)
/*
* add an authority certificate to the chained list
*/
-bool
+x509cert_t*
add_authcert(x509cert_t *cert, u_char auth_flags)
{
x509cert_t *old_cert;
@@ -222,7 +232,7 @@ add_authcert(x509cert_t *cert, u_char auth_flags)
unlock_authcert_list("add_authcert");
free_x509cert(cert);
- return FALSE;
+ return old_cert;
}
else
{
@@ -242,7 +252,7 @@ add_authcert(x509cert_t *cert, u_char auth_flags)
DBG_log(" authcert inserted")
)
unlock_authcert_list("add_authcert");
- return TRUE;
+ return cert;
}
/*
@@ -623,15 +633,12 @@ add_ca_info(const whack_message_t *msg)
unlock_ca_info_list("add_ca_info");
/* add cacert to list of authcerts */
- if (!cached_cert)
+ if (!cached_cert && sc != NULL)
{
- if (add_authcert(cacert, AUTH_CA) && sc != NULL)
- {
- if (sc->last_cert.type == CERT_X509_SIGNATURE)
- sc->last_cert.u.x509->count--;
- sc->last_cert = cert;
- share_cert(sc->last_cert);
- }
+ if (sc->last_cert.type == CERT_X509_SIGNATURE)
+ sc->last_cert.u.x509->count--;
+ sc->last_cert.u.x509 = add_authcert(cacert, AUTH_CA);
+ share_cert(sc->last_cert);
}
if (sc != NULL)
time(&sc->last_load);