initiator sends contents of rightca= if present as a certificate request without...
authorAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 5 Aug 2008 09:05:57 +0000 (09:05 -0000)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 5 Aug 2008 09:05:57 +0000 (09:05 -0000)
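--- a/src/charon/sa/tasks/ike_cert_pre.c
+++ b/src/charon/sa/tasks/ike_cert_pre.c
@@ -320,11 +320,10 @@ static void add_certreq_payload(message_t *message, certreq_payload_t **reqp,
 static void build_certreqs(private_ike_cert_pre_t *this, message_t *message)
 {
        ike_cfg_t *ike_cfg;
+       peer_cfg_t *peer_cfg;
        enumerator_t *enumerator;
        certificate_t *cert;
-       auth_info_t *auth;
        bool restricted = FALSE;
-       auth_item_t item;
        certreq_payload_t *x509_req = NULL;
        
        ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
@@ -332,19 +331,26 @@ static void build_certreqs(private_ike_cert_pre_t *this, message_t *message)
        {
                return;
        }
-       auth = this->ike_sa->get_other_auth(this->ike_sa);
 
        /* check if we require a specific CA for that peer */
-       enumerator = auth->create_item_enumerator(auth);
-       while (enumerator->enumerate(enumerator, &item, &cert))
+       peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
+       if (peer_cfg)
        {
-               if (item == AUTHN_CA_CERT)
+               auth_item_t item;
+               auth_info_t *auth = peer_cfg->get_auth(peer_cfg);
+
+               enumerator = auth->create_item_enumerator(auth);
+               while (enumerator->enumerate(enumerator, &item, &cert))
                {
-                       restricted = TRUE;
-                       add_certreq_payload(message, &x509_req, cert);
+                       if (item == AUTHZ_CA_CERT)
+                       {
+                               restricted = TRUE;
+                               add_certreq_payload(message, &x509_req, cert);
+                       }
+                       /* TODO: handle AUTHZ_CA_CERT_NAME case */
                }
+               enumerator->destroy(enumerator);
        }
-       enumerator->destroy(enumerator);
                
        if (!restricted)
        {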
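Review bot: The `/* TODO: handle AUTHZ_CA_CERT_NAME case */` path in the new enumerate loop leaves `restricted` FALSE when the peer config constrains the CA by name only, so control reaches the `if (!restricted)` block, whose body lies outside the hunk and presumably requests certificates for every trusted CA. That silently widens the certificate request beyond what the configuration asks for, so the comment should say so, e.g. `/* TODO: handle AUTHZ_CA_CERT_NAME; until then a name-only CA constraint falls through to the unrestricted certreq below */`. Since a certificate request only hints at acceptable CAs, a short comment above the loop should also note that the CA constraint still has to be enforced where the peer's certificate is verified, which is not visible here. Separately, `auth` returned by `peer_cfg->get_auth(peer_cfg)` is dereferenced without a check; if it can ever be NULL for a peer config, guard it with `if (auth)` before `create_item_enumerator`.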