handle ID_KEY_ID as a ID_PUBKEY_SHA1 for authentication
authorMartin Willi <martin@strongswan.org>
Wed, 14 May 2008 06:49:31 +0000 (06:49 -0000)
committerMartin Willi <martin@strongswan.org>
Wed, 14 May 2008 06:49:31 +0000 (06:49 -0000)
src/charon/credentials/credential_manager.c
src/charon/plugins/stroke/stroke_cred.c

index 543aca5..251194b 100644 (file)
@@ -447,7 +447,6 @@ static certificate_t *fetch_ocsp(private_credential_manager_t *this, char *url,
        request->destroy(request);
 
        DBG1(DBG_CFG, "  requesting ocsp status from '%s' ...", url);
-       /* TODO: unlock manager while fetching? */
        if (lib->fetcher->fetch(lib->fetcher, url, &receive, 
                                                        FETCH_REQUEST_DATA, send,
                                                        FETCH_REQUEST_TYPE, "application/ocsp-request",
@@ -682,7 +681,6 @@ static certificate_t* fetch_crl(private_credential_manager_t *this, char *url)
        certificate_t *crl;
        chunk_t chunk;
        
-       /* TODO: unlock the manager while fetching? */
        DBG1(DBG_CFG, "  fetching crl from '%s' ...", url);
        if (lib->fetcher->fetch(lib->fetcher, url, &chunk, FETCH_END) != SUCCESS)
        {
@@ -1424,6 +1422,7 @@ static private_key_t *get_private(private_credential_manager_t *this,
                {
                        case ID_PUBKEY_SHA1:
                        case ID_PUBKEY_INFO_SHA1:
+                       case ID_KEY_ID:
                                return get_private_by_keyid(this, type, id);
                        default:
                                break;
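Review bot: The new `case ID_KEY_ID:` label hands `id` unchanged to get_private_by_keyid(), so the lookup can only succeed where a credential set itself maps ID_KEY_ID onto a key fingerprint. In this commit only private_filter() in stroke_cred.c is visibly taught that mapping. Other credential sets are not shown on this page, so it should be checked that they match an ID_KEY_ID too, or the mapping should be done once here before the lookup. A comment on the label would record the intent, e.g. `/* ID_KEY_ID is an opaque key identifier, looked up like ID_PUBKEY_SHA1 */`. The switch and get_private() start and end outside the hunk.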
index 9467248..52140cb 100644 (file)
@@ -104,14 +104,22 @@ static bool private_filter(id_data_t *data,
                                                   private_key_t **in, private_key_t **out)
 {
        identification_t *candidate;
+       id_type_t type;
        
        if (data->id == NULL)
        {
                *out = *in;
                return TRUE;
        }
-       candidate = (*in)->get_id(*in, data->id->get_type(data->id));
-       if (candidate && data->id->equals(data->id, candidate))
+       type = data->id->get_type(data->id);
+       if (type == ID_KEY_ID)
+       {       /* handle ID_KEY_ID as a ID_PUBKEY_SHA1 */
+               type = ID_PUBKEY_SHA1;
+       }
+       candidate = (*in)->get_id(*in, type);
+       if (candidate &&
+               chunk_equals(candidate->get_encoding(candidate),
+                                        data->id->get_encoding(data->id)))
        {
                *out = *in;
                return TRUE;
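Review bot: The match in private_filter() now compares raw encodings with chunk_equals() for every requested ID type, not only for the remapped ID_KEY_ID, and nothing in the code says why `data->id->equals()` was dropped. Presumably a typed comparison would no longer match once ID_KEY_ID is looked up as ID_PUBKEY_SHA1; if so, state it above the condition, e.g. `/* compare encodings only: data->id may be ID_KEY_ID while candidate is ID_PUBKEY_SHA1 */`. Because this filter selects the private key used for authentication, it is worth confirming that a type-blind byte comparison is also intended for the other ID types that reach it. The function body continues past the end of the hunk.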