Added an AUTH_HELPER for revocation certificates

author Martin Willi <martin@revosec.ch>

Thu, 23 Dec 2010 11:17:49 +0000 (12:17 +0100)

committer Martin Willi <martin@revosec.ch>

Wed, 5 Jan 2011 15:46:06 +0000 (16:46 +0100)
author Martin Willi <martin@revosec.ch>
Thu, 23 Dec 2010 11:17:49 +0000 (12:17 +0100)
committer Martin Willi <martin@revosec.ch>
Wed, 5 Jan 2011 15:46:06 +0000 (16:46 +0100)
diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c

index 98659f7..23a3f62 100644 (file)
--- a/src/libstrongswan/credentials/auth_cfg.c
+++ b/src/libstrongswan/credentials/auth_cfg.c
@@ -131,6 +131,7 @@ static void destroy_entry_value(entry_t *entry)
                 case AUTH_RULE_SUBJECT_CERT:
                 case AUTH_HELPER_IM_CERT:
                 case AUTH_HELPER_SUBJECT_CERT:
+               case AUTH_HELPER_REVOCATION_CERT:
                 {
                         certificate_t *cert = (certificate_t*)entry->value;
                         cert->destroy(cert);
@@ -192,6 +193,7 @@ static void replace(auth_cfg_t *this, entry_enumerator_t *enumerator,
                         case AUTH_HELPER_SUBJECT_CERT:
                         case AUTH_HELPER_IM_HASH_URL:
                         case AUTH_HELPER_SUBJECT_HASH_URL:
+                       case AUTH_HELPER_REVOCATION_CERT:
                                 /* pointer type */
                                 enumerator->current->value = va_arg(args, void*);
                                 break;
@@ -261,6 +263,7 @@ static void* get(private_auth_cfg_t *this, auth_rule_t type)
                 case AUTH_HELPER_SUBJECT_CERT:
                 case AUTH_HELPER_IM_HASH_URL:
                 case AUTH_HELPER_SUBJECT_HASH_URL:
+               case AUTH_HELPER_REVOCATION_CERT:
                 default:
                         return NULL;
         }
@@ -300,6 +303,7 @@ static void add(private_auth_cfg_t *this, auth_rule_t type, ...)
                 case AUTH_HELPER_SUBJECT_CERT:
                 case AUTH_HELPER_IM_HASH_URL:
                 case AUTH_HELPER_SUBJECT_HASH_URL:
+               case AUTH_HELPER_REVOCATION_CERT:
                         /* pointer type */
                         entry->value = va_arg(args, void*);
                         break;
@@ -561,6 +565,7 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints,
                         case AUTH_HELPER_SUBJECT_CERT:
                         case AUTH_HELPER_IM_HASH_URL:
                         case AUTH_HELPER_SUBJECT_HASH_URL:
+                       case AUTH_HELPER_REVOCATION_CERT:
                                 /* skip helpers */
                                 continue;
                 }
@@ -607,6 +612,7 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy
                                 case AUTH_RULE_SUBJECT_CERT:
                                 case AUTH_HELPER_IM_CERT:
                                 case AUTH_HELPER_SUBJECT_CERT:
+                               case AUTH_HELPER_REVOCATION_CERT:
                                 {
                                         certificate_t *cert = (certificate_t*)value;
  
@@ -702,6 +708,7 @@ static bool equals(private_auth_cfg_t *this, private_auth_cfg_t *other)
                                         case AUTH_RULE_SUBJECT_CERT:
                                         case AUTH_HELPER_IM_CERT:
                                         case AUTH_HELPER_SUBJECT_CERT:
+                                       case AUTH_HELPER_REVOCATION_CERT:
                                         {
                                                 certificate_t *c1, *c2;
  
@@ -815,6 +822,7 @@ static auth_cfg_t* clone_(private_auth_cfg_t *this)
                         case AUTH_RULE_SUBJECT_CERT:
                         case AUTH_HELPER_IM_CERT:
                         case AUTH_HELPER_SUBJECT_CERT:
+                       case AUTH_HELPER_REVOCATION_CERT:
                         {
                                 certificate_t *cert = (certificate_t*)entry->value;
                                 clone->add(clone, entry->type, cert->get_ref(cert));
diff --git a/src/libstrongswan/credentials/auth_cfg.h b/src/libstrongswan/credentials/auth_cfg.h

index 8391f79..489ce11 100644 (file)
--- a/src/libstrongswan/credentials/auth_cfg.h
+++ b/src/libstrongswan/credentials/auth_cfg.h
@@ -105,6 +105,8 @@ enum auth_rule_t {
         AUTH_HELPER_IM_HASH_URL,
         /** Hash and URL of a end-entity certificate, char* */
         AUTH_HELPER_SUBJECT_HASH_URL,
+       /** revocation certificate (CRL, OCSP), certificate_t* */
+       AUTH_HELPER_REVOCATION_CERT,
  };
  
  /**
diff --git a/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c b/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c

index 5e84586..225fabe 100644 (file)
--- a/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c
+++ b/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c
@@ -132,7 +132,8 @@ static bool enumerate(wrapper_enumerator_t *this, certificate_t **cert)
                         }
                 }
                 else if (rule != AUTH_HELPER_SUBJECT_CERT &&
-                                rule != AUTH_HELPER_IM_CERT)
+                                rule != AUTH_HELPER_IM_CERT &&
+                                rule != AUTH_HELPER_REVOCATION_CERT)
                 {       /* handle only HELPER certificates */
                         continue;
                 }
author	Martin Willi <martin@revosec.ch>
	Thu, 23 Dec 2010 11:17:49 +0000 (12:17 +0100)
committer	Martin Willi <martin@revosec.ch>
	Wed, 5 Jan 2011 15:46:06 +0000 (16:46 +0100)
src/libstrongswan/credentials/auth_cfg.c		patch \| blob \| history
src/libstrongswan/credentials/auth_cfg.h		patch \| blob \| history
src/libstrongswan/credentials/sets/auth_cfg_wrapper.c		patch \| blob \| history