From 7b0305f59ddab9ea026b202a8c569912e5bf9a90 Mon Sep 17 00:00:00 2001 From: Rene Mayrhofer Date: Wed, 4 Jul 2007 23:47:20 +0000 Subject: [svn-upgrade] Integrating new upstream version, strongswan (4.1.4) --- .../config/credentials/local_credential_store.c | 10 ++++++++-- src/charon/config/traffic_selector.c | 20 +++++++++++++------- 2 files changed, 21 insertions(+), 9 deletions(-) (limited to 'src/charon/config') diff --git a/src/charon/config/credentials/local_credential_store.c b/src/charon/config/credentials/local_credential_store.c index 6964345b3..649fcbcfb 100644 --- a/src/charon/config/credentials/local_credential_store.c +++ b/src/charon/config/credentials/local_credential_store.c @@ -456,7 +456,10 @@ static void add_uris(ca_info_t *issuer, x509_t *cert) while (iterator->iterate(iterator, (void**)&uri)) { - issuer->add_crluri(issuer, uri->get_encoding(uri)); + if (uri->get_type(uri) == ID_DER_ASN1_GN_URI) + { + issuer->add_crluri(issuer, uri->get_encoding(uri)); + } } iterator->destroy(iterator); @@ -465,7 +468,10 @@ static void add_uris(ca_info_t *issuer, x509_t *cert) while (iterator->iterate(iterator, (void**)&uri)) { - issuer->add_ocspuri(issuer, uri->get_encoding(uri)); + if (uri->get_type(uri) == ID_DER_ASN1_GN_URI) + { + issuer->add_ocspuri(issuer, uri->get_encoding(uri)); + } } iterator->destroy(iterator); } diff --git a/src/charon/config/traffic_selector.c b/src/charon/config/traffic_selector.c index b399074d1..da39c434d 100644 --- a/src/charon/config/traffic_selector.c +++ b/src/charon/config/traffic_selector.c @@ -175,6 +175,7 @@ static int print(FILE *stream, const struct printf_info *info, bool has_proto; bool has_ports; size_t written = 0; + u_int32_t from[4], to[4]; if (this == NULL) { @@ -193,7 +194,11 @@ static int print(FILE *stream, const struct printf_info *info, return written; } - if (this->dynamic) + memset(from, 0, sizeof(from)); + memset(to, 0xFF, sizeof(to)); + if (this->dynamic && + memeq(this->from, from, this->type == TS_IPV4_ADDR_RANGE ? 4 : 16) && + memeq(this->to, to, this->type == TS_IPV4_ADDR_RANGE ? 4 : 16)) { return fprintf(stream, "dynamic/%d", this->type == TS_IPV4_ADDR_RANGE ? 32 : 128); @@ -341,6 +346,7 @@ static traffic_selector_t *get_subset(private_traffic_selector_t *this, private_ /* we have a match in protocol, port, and address: return it... */ new_ts = traffic_selector_create(protocol, this->type, from_port, to_port); new_ts->type = this->type; + new_ts->dynamic = this->dynamic || other->dynamic; memcpy(new_ts->from, from, size); memcpy(new_ts->to, to, size); @@ -475,11 +481,6 @@ static u_int8_t get_protocol(private_traffic_selector_t *this) */ static bool is_host(private_traffic_selector_t *this, host_t *host) { - if (this->dynamic) - { - return TRUE; - } - if (host) { chunk_t addr; @@ -498,7 +499,12 @@ static bool is_host(private_traffic_selector_t *this, host_t *host) } else { - size_t length = (this->type == TS_IPV4_ADDR_RANGE) ? 4 : 16; + size_t length = (this->type == TS_IPV4_ADDR_RANGE) ? 4 : 16; + + if (this->dynamic) + { + return TRUE; + } if (memeq(this->from, this->to, length)) { -- cgit v1.2.3