ike-cert-post: Generate URL for hash-and-URL here
authorTobias Brunner <tobias@strongswan.org>
Thu, 31 Oct 2019 08:27:49 +0000 (09:27 +0100)
committerTobias Brunner <tobias@strongswan.org>
Tue, 26 Nov 2019 10:12:26 +0000 (11:12 +0100)
commitae06cfad36d56d4529e3a395662cfc5d9eead438
treeab8f45d3286f7a9fdd1c80d298f935ab03680b9b
parenta605452c038e506a203ca567ffbe8205f5cee786
ike-cert-post: Generate URL for hash-and-URL here

This avoids having to register certificates with authority/ca backends
beforehand, which is tricky for intermediate CA certificates loaded
themselves via authority/ca sections.  On the other hand, the form of
these URLs can't be determined by config backends anymore (not an issue
for the two current implementations, no idea if custom implementations
ever made use of that possibility).  If that became necessary, we could
perhaps pass the certificate to the CDP enumerator or add a new method
to the credential_set_t interface.
src/libcharon/plugins/stroke/stroke_ca.c
src/libcharon/plugins/vici/vici_authority.c
src/libcharon/sa/ikev2/tasks/ike_cert_post.c