fixed compilation warnings and errors when not using curl
[strongswan.git] / src / libstrongswan / crypto / ca.c
index c2c6554..1e930a4 100644 (file)
@@ -382,13 +382,21 @@ err:
 /**
   * Implements ca_info_t.verify_by_ocsp.
   */
-static cert_status_t verify_by_ocsp(private_ca_info_t* this, const x509_t *cert,
-                                                                       certinfo_t *certinfo)
+static cert_status_t verify_by_ocsp(private_ca_info_t* this,
+                                                                       const x509_t *cert,
+                                                                       certinfo_t *certinfo,
+                                                                       credential_store_t *credentials)
 {
        bool found = FALSE;
 
        pthread_mutex_lock(&(this->mutex));
 
+       /* do we support OCSP at all? */
+       if (this->ocspuris->get_count(this->ocspuris) == 0)
+       {
+               goto ret;
+       }
+
        /* do we have a valid certinfo record for this serial number in our cache? */
        {
                iterator_t *iterator = this->certinfos->create_iterator(this->certinfos, TRUE);
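Review bot: The new early exit at `goto ret` returns `certinfo->get_status(certinfo)` without having touched certinfo, so for a CA with no OCSP URIs the result is whatever status the caller stored in the record beforehand. That initial status is not visible here; if it can read as good, revocation checking is skipped silently, so callers should be confirmed to treat this result as "not checked". I would make the skip visible in debug output with `DBG2("no ocsp uri configured, ocsp check skipped");` before the `goto ret;`. The header comment should also describe the new `credentials` parameter and the unchanged-status return. The function body continues past the end of this hunk.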
@@ -411,11 +419,13 @@ static cert_status_t verify_by_ocsp(private_ca_info_t* this, const x509_t *cert,
                ocsp_t *ocsp;
 
                DBG2("ocsp status is not in cache");
+
                ocsp = ocsp_create(this->cacert, this->ocspuris);
-               ocsp->fetch(ocsp, certinfo);
+               ocsp->fetch(ocsp, certinfo, credentials);
                ocsp->destroy(ocsp);
        }
-       
+
+ret:
        pthread_mutex_unlock(&(this->mutex));
        return certinfo->get_status(certinfo);
 }
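Review bot: `ocsp->fetch(ocsp, certinfo, credentials)` is called with no check of its outcome, and `credentials` is forwarded without a NULL check, so a failed fetch and a successful one both reach `ret:` and return whatever certinfo holds. Presumably fetch uses the credential store to verify the responder's signature; once that is confirmed in the ocsp implementation, a comment should record the contract, e.g. `/* fetch() must leave certinfo untouched unless the OCSP response verified against credentials */`. The fetch also runs while `this->mutex` is held, so a slow responder appears to block other users of this ca_info for the duration; the comment should say so. The start of the function is outside this hunk.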
@@ -446,7 +456,6 @@ static int print(FILE *stream, const struct printf_info *info,
        bool utc = TRUE;
        int written = 0;
        const x509_t *cacert;
-       chunk_t keyid;
        
        if (info->alt)
        {
@@ -547,7 +556,7 @@ ca_info_t *ca_info_create(const char *name, x509_t *cacert)
        this->public.add_ocspuri = (void (*) (ca_info_t*,chunk_t))add_ocspuri;
        this->public.get_certificate = (x509_t* (*) (ca_info_t*))get_certificate;
        this->public.verify_by_crl = (cert_status_t (*) (ca_info_t*,const x509_t*,certinfo_t*))verify_by_crl;
-       this->public.verify_by_ocsp = (cert_status_t (*) (ca_info_t*,const x509_t*,certinfo_t*))verify_by_ocsp;
+       this->public.verify_by_ocsp = (cert_status_t (*) (ca_info_t*,const x509_t*,certinfo_t*,credential_store_t*))verify_by_ocsp;
        this->public.destroy = (void (*) (ca_info_t*))destroy;
 
        return &this->public;
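Review bot: The explicit cast on the `verify_by_ocsp` assignment hides any mismatch between the member type declared in the ca_info_t header and the four-argument implementation, so the compiler cannot confirm that the header was updated together with this file. The header is not part of this page. Calling through an incompatible function pointer type is undefined behaviour, so the declaration should be checked to carry `credential_store_t*` as its last parameter. ca_info_create starts outside this hunk.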