fixed compilation warnings and errors when not using curl
[strongswan.git] / src / libstrongswan / crypto / ca.c
index e35a204..1e930a4 100644 (file)
@@ -30,6 +30,7 @@
 #include "crl.h"
 #include "ca.h"
 #include "certinfo.h"
+#include "ocsp.h"
 
 #include <library.h>
 #include <debug.h>
@@ -199,6 +200,18 @@ static void list_crl(private_ca_info_t *this, FILE *out, bool utc)
 }
 
 /**
+ * Implements ca_info_t.list_certinfos
+ */
+static void list_certinfos(private_ca_info_t *this, FILE *out, bool utc)
+{
+       pthread_mutex_lock(&(this->mutex));
+
+       /* fprintf(out, "%#X\n", this->certifnos, utc); */
+
+       pthread_mutex_unlock(&(this->mutex));
+}
+
+/**
  * Find an exact copy of an identification in a linked list
  */
 static identification_t* find_identification(linked_list_t *list, identification_t *id)
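Review bot: `list_certinfos` is added as a stub whose only live statements take and release `this->mutex`, and the one line of body is a commented-out `fprintf` that misspells the field as `certifnos` and passes `utc` with no matching conversion in `"%#X\n"`. Replace the dead line with an explicit marker such as `/* TODO: print this->certinfos; not implemented yet */`, or drop the lock pair until there is something to guard. The `ca_info_create` hunk visible in this commit does not assign the function to `this->public`, so it may itself produce an unused-static warning; that is worth confirming given the stated goal of the commit.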
@@ -369,16 +382,25 @@ err:
 /**
   * Implements ca_info_t.verify_by_ocsp.
   */
-static cert_status_t verify_by_ocsp(private_ca_info_t* this, const x509_t *cert,
-                                                                       certinfo_t *certinfo)
+static cert_status_t verify_by_ocsp(private_ca_info_t* this,
+                                                                       const x509_t *cert,
+                                                                       certinfo_t *certinfo,
+                                                                       credential_store_t *credentials)
 {
+       bool found = FALSE;
+
        pthread_mutex_lock(&(this->mutex));
 
+       /* do we support OCSP at all? */
+       if (this->ocspuris->get_count(this->ocspuris) == 0)
+       {
+               goto ret;
+       }
+
        /* do we have a valid certinfo record for this serial number in our cache? */
        {
                iterator_t *iterator = this->certinfos->create_iterator(this->certinfos, TRUE);
                certinfo_t *current_certinfo;
-               bool found = FALSE;
 
                while(iterator->iterate(iterator, (void**)&current_certinfo))
                {
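Review bot: The new `goto ret` taken when `this->ocspuris` is empty returns `certinfo->get_status(certinfo)` without this function having written anything to `certinfo`, so the result is whatever the caller initialised it to. That contract should be stated at the early exit, e.g. `/* no OCSP URI configured: status is left as initialised by the caller */`. It is also worth confirming that callers initialise the status to a non-"good" value, so that a CA without OCSP URIs cannot be read as a successful revocation check. A `DBG2` line on this path would make the skipped check visible in logs. The function body continues outside this hunk.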
@@ -390,12 +412,20 @@ static cert_status_t verify_by_ocsp(private_ca_info_t* this, const x509_t *cert,
                        }
                }
                iterator->destroy(iterator);
-               if (!found)
-               {
-                       DBG2("ocsp status is not in cache");
-               }
        }
        
+       if (!found)
+       {
+               ocsp_t *ocsp;
+
+               DBG2("ocsp status is not in cache");
+
+               ocsp = ocsp_create(this->cacert, this->ocspuris);
+               ocsp->fetch(ocsp, certinfo, credentials);
+               ocsp->destroy(ocsp);
+       }
+
+ret:
        pthread_mutex_unlock(&(this->mutex));
        return certinfo->get_status(certinfo);
 }
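Review bot: The OCSP request added in the `if (!found)` block runs while `this->mutex` is still held, so a slow or unresponsive responder would stall every other thread that needs this CA's lock for as long as the network fetch takes. If the lock has to stay, say so at the call with something like `/* NOTE: network fetch under this->mutex; blocks other users of this ca_info */`; otherwise build the request under the lock and release it before `ocsp->fetch(...)`. The pointer returned by `ocsp_create(this->cacert, this->ocspuris)` is dereferenced unchecked, and whether it can return NULL is not visible here. The fetched status also does not appear to be added to `this->certinfos` in this hunk, so the cache lookup above would presumably miss again on the next call unless `fetch` or the caller stores it.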
@@ -426,7 +456,6 @@ static int print(FILE *stream, const struct printf_info *info,
        bool utc = TRUE;
        int written = 0;
        const x509_t *cacert;
-       chunk_t keyid;
        
        if (info->alt)
        {
@@ -527,7 +556,7 @@ ca_info_t *ca_info_create(const char *name, x509_t *cacert)
        this->public.add_ocspuri = (void (*) (ca_info_t*,chunk_t))add_ocspuri;
        this->public.get_certificate = (x509_t* (*) (ca_info_t*))get_certificate;
        this->public.verify_by_crl = (cert_status_t (*) (ca_info_t*,const x509_t*,certinfo_t*))verify_by_crl;
-       this->public.verify_by_ocsp = (cert_status_t (*) (ca_info_t*,const x509_t*,certinfo_t*))verify_by_ocsp;
+       this->public.verify_by_ocsp = (cert_status_t (*) (ca_info_t*,const x509_t*,certinfo_t*,credential_store_t*))verify_by_ocsp;
        this->public.destroy = (void (*) (ca_info_t*))destroy;
 
        return &this->public;