gitignore: Add nbproject/
[strongswan.git] / src / libstrongswan / credentials / certificates / crl.c
1 /*
2 * Copyright (C) 2008 Martin Willi
3 * Copyright (C) 2006 Andreas Steffen
4 * HSR Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include "crl.h"
18
19 #include <utils/debug.h>
20
21 ENUM(crl_reason_names, CRL_REASON_UNSPECIFIED, CRL_REASON_REMOVE_FROM_CRL,
22 "unspecified",
23 "key compromise",
24 "ca compromise",
25 "affiliation changed",
26 "superseded",
27 "cessation of operation",
28 "certificate hold",
29 "reason #7",
30 "remove from crl",
31 );
32
33 /**
34 * Check if this CRL is newer
35 */
36 bool crl_is_newer(crl_t *this, crl_t *other)
37 {
38 chunk_t this_num, other_num;
39 bool newer;
40
41 this_num = this->get_serial(this);
42 other_num = other->get_serial(other);
43
44 /* compare crlNumbers if available - otherwise use generic cert compare */
45 if (this_num.ptr != NULL && other_num.ptr != NULL)
46 {
47 newer = chunk_compare(this_num, other_num) > 0;
48 DBG1(DBG_LIB, " crl #%#B is %s - existing crl #%#B %s",
49 &this_num, newer ? "newer" : "not newer",
50 &other_num, newer ? "replaced" : "retained");
51 }
52 else
53 {
54 newer = certificate_is_newer(&this->certificate, &other->certificate);
55 }
56 return newer;
57 }