1 files changed, 20 insertions, 13 deletions

diff --git a/src/pluto/ca.c b/src/pluto/ca.c
index d1be22e2f..099699056 100644
--- a/src/pluto/ca.c
+++ b/src/pluto/ca.c
@@ -11,7 +11,7 @@
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
  *
- * RCSID $Id: ca.c,v 1.10 2005/12/25 12:29:55 as Exp $
+ * RCSID $Id: ca.c 3252 2007-10-06 21:24:50Z andreas $
  */
 
 #include <stdlib.h>
@@ -131,11 +131,21 @@ match_requested_ca(generalName_t *requested_ca, chunk_t our_ca, int *our_pathlen
 
 	if (trusted_ca(our_ca, requested_ca->name, &pathlen)
 	&& pathlen < *our_pathlen)
+	{
 	    *our_pathlen = pathlen;
+	}
 	requested_ca = requested_ca->next;
     }
 
-    return *our_pathlen <= MAX_CA_PATH_LEN;
+    if (*our_pathlen > MAX_CA_PATH_LEN)
+    {
+	*our_pathlen = MAX_CA_PATH_LEN;
+	return FALSE;
+    }
+    else
+    {
+	return TRUE;
+    }
 }
 
 /*
@@ -197,7 +207,7 @@ get_authcert(chunk_t subject, chunk_t serial, chunk_t keyid, u_char auth_flags)
 /*
  * add an authority certificate to the chained list
  */
-bool
+x509cert_t*
 add_authcert(x509cert_t *cert, u_char auth_flags)
 {
     x509cert_t *old_cert;
@@ -222,7 +232,7 @@ add_authcert(x509cert_t *cert, u_char auth_flags)
 	    unlock_authcert_list("add_authcert");
 
 	    free_x509cert(cert);
-	    return FALSE;
+	    return old_cert;
 	}
 	else
 	{
@@ -242,7 +252,7 @@ add_authcert(x509cert_t *cert, u_char auth_flags)
 	DBG_log("  authcert inserted")
     )
     unlock_authcert_list("add_authcert");
-    return TRUE;
+    return cert;
 }
 
 /*
@@ -623,15 +633,12 @@ add_ca_info(const whack_message_t *msg)
 	unlock_ca_info_list("add_ca_info");
 
 	/* add cacert to list of authcerts */
-	if (!cached_cert)
+	if (!cached_cert && sc != NULL)
 	{
-	    if (add_authcert(cacert, AUTH_CA) && sc != NULL)
-	    {
-		if (sc->last_cert.type == CERT_X509_SIGNATURE)
-		    sc->last_cert.u.x509->count--;
-		sc->last_cert = cert;
-		share_cert(sc->last_cert);
-	    }
+	    if (sc->last_cert.type == CERT_X509_SIGNATURE)
+		sc->last_cert.u.x509->count--;
+	    sc->last_cert.u.x509 = add_authcert(cacert, AUTH_CA);
+	    share_cert(sc->last_cert);
 	}
 	if (sc != NULL)
 	    time(&sc->last_load);