Provide CRLs received in CERT payloads to trustchain verification
[strongswan.git] / src / libcharon / sa / tasks / ike_cert_pre.c
index 23412f6..944637c 100644 (file)
@@ -253,11 +253,19 @@ static void process_certs(private_ike_cert_pre_t *this, message_t *message)
                                        }
                                        break;
                                }
+                               case ENC_CRL:
+                                       cert = cert_payload->get_cert(cert_payload);
+                                       if (cert)
+                                       {
+                                               DBG1(DBG_IKE, "received CRL \"%Y\"",
+                                                        cert->get_subject(cert));
+                                               auth->add(auth, AUTH_HELPER_REVOCATION_CERT, cert);
+                                       }
+                                       break;
                                case ENC_PKCS7_WRAPPED_X509:
                                case ENC_PGP:
                                case ENC_DNS_SIGNED_KEY:
                                case ENC_KERBEROS_TOKEN:
-                               case ENC_CRL:
                                case ENC_ARL:
                                case ENC_SPKI:
                                case ENC_X509_ATTRIBUTE:
@@ -299,7 +307,7 @@ static void add_certreq(certreq_payload_t **req, certificate_t *cert)
                        {
                                *req = certreq_payload_create_type(CERT_X509);
                        }
-                       if (public->get_fingerprint(public, KEY_ID_PUBKEY_INFO_SHA1, &keyid))
+                       if (public->get_fingerprint(public, KEYID_PUBKEY_INFO_SHA1, &keyid))
                        {
                                (*req)->add_keyid(*req, keyid);
                                DBG1(DBG_IKE, "sending cert request for \"%Y\"",