/**
* Implementation of credential_store_t.get_issuer.
*/
-static ca_info_t* get_issuer(private_local_credential_store_t *this, const x509_t *cert)
+static ca_info_t* get_issuer(private_local_credential_store_t *this, x509_t *cert)
{
ca_info_t *found = cert->get_ca_info(cert);
x509_t *end_cert = cert;
x509_t *cert_copy = find_certificate(this->certs, end_cert);
- DBG2(DBG_CFG, "verifying end entity certificate:");
+ DBG1(DBG_CFG, "verifying end entity certificate up to trust anchor:");
*found = (cert_copy != NULL);
if (*found)
cert_status_t status;
certinfo_t *certinfo = certinfo_create(cert->get_serialNumber(cert));
+ certinfo->set_status(certinfo, CERT_UNKNOWN);
+
if (pathlen == 0)
{
/* add any crl and ocsp uris contained in the certificate under test */
status_t sig_status;
x509_t *cert;
+ DBG1(DBG_CFG, "verifying RSA signature:");
+
/* default return values in case of failure */
sig_status = NOT_FOUND;
*issuer_p = NULL;
this->public.credential_store.get_certificate = (x509_t* (*) (credential_store_t*,identification_t*))get_certificate;
this->public.credential_store.get_auth_certificate = (x509_t* (*) (credential_store_t*,u_int,identification_t*))get_auth_certificate;
this->public.credential_store.get_ca_certificate_by_keyid = (x509_t* (*) (credential_store_t*,chunk_t))get_ca_certificate_by_keyid;
- this->public.credential_store.get_issuer = (ca_info_t* (*) (credential_store_t*,const x509_t*))get_issuer;
+ this->public.credential_store.get_issuer = (ca_info_t* (*) (credential_store_t*,x509_t*))get_issuer;
this->public.credential_store.is_trusted = (bool (*) (credential_store_t*,x509_t*))is_trusted;
this->public.credential_store.verify_signature = (status_t (*) (credential_store_t*,chunk_t,chunk_t,identification_t*,ca_info_t**))verify_signature;
this->public.credential_store.verify = (bool (*) (credential_store_t*,x509_t*,bool*))verify;