Diffstat (limited to 'src/pluto/ca.c')
-rw-r--r-- | src/pluto/ca.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/src/pluto/ca.c b/src/pluto/ca.c
index add85def8..827b98121 100644
--- a/src/pluto/ca.c
+++ b/src/pluto/ca.c
@@ -87,7 +87,7 @@ bool trusted_ca(identification_t *a, identification_t *b, int *pathlen)
 break;
 }
 certificate = cacert->cert;
-
+
 /* is the certificate self-signed? */
 {
 x509_t *x509 = (x509_t*)certificate;
@@ -219,7 +219,8 @@ cert_t* get_authcert(identification_t *subject, chunk_t keyid,
 }
 /* compare the subjectDistinguishedNames */
- if (!certificate->has_subject(certificate, subject))
+ if (!(subject && certificate->has_subject(certificate, subject)) &&
+ (subject || !keyid.ptr))
 {
 continue;
 }
@@ -248,7 +249,7 @@ cert_t* add_authcert(cert_t *cert, x509_flag_t auth_flags)
 lock_authcert_list("add_authcert");
- old_cert = get_authcert(certificate->get_subject(certificate),
+ old_cert = get_authcert(certificate->get_subject(certificate),
 x509->get_subjectKeyIdentifier(x509),
 auth_flags);
 if (old_cert) |
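Review bot: With `subject` NULL and `keyid.ptr` set, the new condition in get_authcert (second hunk) skips the DN comparison entirely, so whatever keyid comparison precedes this hunk becomes the only thing selecting an authority certificate. That check is outside the hunk; if it lets through certificates that carry no subjectKeyIdentifier, a subject-less lookup could return a certificate that never matched the keyid, so it should require an exact match on this path. The condition is also hard to read as a negated conjunction; `if (subject ? !certificate->has_subject(certificate, subject) : !keyid.ptr)` is equivalent. The comment above it no longer describes the test and could become `/* compare the subjectDistinguishedNames; without a subject the keyid match is the only selector */`. The function body starts and ends outside the hunk.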