From 6b99c8d9cff7b3e8ae8f3204b99e7ea40f791349 Mon Sep 17 00:00:00 2001
From: Yves-Alexis Perez <corsac@debian.org>
Date: Sun, 25 Aug 2013 15:37:26 +0200
Subject: Imported Upstream version 5.1.0

---
 src/libstrongswan/plugins/constraints/constraints_validator.c | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'src/libstrongswan/plugins/constraints/constraints_validator.c')

diff --git a/src/libstrongswan/plugins/constraints/constraints_validator.c b/src/libstrongswan/plugins/constraints/constraints_validator.c
index 83a74299a..62ccc7108 100644
--- a/src/libstrongswan/plugins/constraints/constraints_validator.c
+++ b/src/libstrongswan/plugins/constraints/constraints_validator.c
@@ -533,20 +533,28 @@ METHOD(cert_validator_t, validate, bool,
 	{
 		if (!check_pathlen((x509_t*)issuer, pathlen))
 		{
+			lib->credmgr->call_hook(lib->credmgr, CRED_HOOK_EXCEEDED_PATH_LEN,
+									subject);
 			return FALSE;
 		}
 		if (!check_name_constraints(subject, (x509_t*)issuer))
 		{
+			lib->credmgr->call_hook(lib->credmgr, CRED_HOOK_POLICY_VIOLATION,
+									subject);
 			return FALSE;
 		}
 		if (!check_policy((x509_t*)subject, (x509_t*)issuer, !pathlen, auth))
 		{
+			lib->credmgr->call_hook(lib->credmgr, CRED_HOOK_POLICY_VIOLATION,
+									subject);
 			return FALSE;
 		}
 		if (anchor)
 		{
 			if (!check_policy_constraints((x509_t*)issuer, pathlen, auth))
 			{
+				lib->credmgr->call_hook(lib->credmgr,
+										CRED_HOOK_POLICY_VIOLATION, issuer);
 				return FALSE;
 			}
 		}
-- 
cgit v1.2.3