treat sig_alg and algorithm comparison in a consistent way over all certificate types
authorAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 26 Mar 2008 13:10:36 +0000 (13:10 -0000)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 26 Mar 2008 13:10:36 +0000 (13:10 -0000)
src/libstrongswan/plugins/x509/x509_ac.c
src/libstrongswan/plugins/x509/x509_crl.c

index 6dfbc79..42dbc94 100644 (file)
@@ -484,6 +484,11 @@ static bool parse_certificate(private_x509_ac_t *this)
                                break;
                        case AC_OBJ_ALGORITHM:
                                this->algorithm = parse_algorithmIdentifier(object, level, NULL);
+                               if (this->algorithm != sig_alg)
+                               {
+                                       DBG1("  signature algorithms do not agree");
+                                       return FALSE;
+                               }
                                break;
                        case AC_OBJ_SIGNATURE:
                                this->signature = object;
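Review bot: The new check in the `AC_OBJ_ALGORITHM` case compares two OID enum values, so it also passes when both are `OID_UNKNOWN`; assuming `parse_algorithmIdentifier()` returns that value for an OID it does not recognise, two different unrecognised algorithms would be treated as agreeing. The `CRL_OBJ_ALGORITHM` hunk in x509_crl.c has the same shape, and there `sig_alg` is visibly initialised to `OID_UNKNOWN`, so the sentinel also matches if the inner field was never parsed. Whether a later verification step rejects `OID_UNKNOWN` is not visible here, so I would make the guard explicit: `if (this->algorithm == OID_UNKNOWN || this->algorithm != sig_alg)`. The declaration and assignment of `sig_alg` in parse_certificate() lie outside this hunk.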
index 2b5d098..d59b153 100644 (file)
@@ -200,6 +200,7 @@ static bool parse(private_x509_crl_t *this)
        revoked_t *revoked = NULL;
        chunk_t object;
        u_int level;
+       int sig_alg = OID_UNKNOWN;
        int objectID = 0;
 
        asn1_init(&ctx, this->encoding, 0, FALSE, FALSE);
@@ -223,7 +224,7 @@ static bool parse(private_x509_crl_t *this)
                                DBG2("  v%d", this->version);
                                break;
                        case CRL_OBJ_SIG_ALG:
-                               this->algorithm = parse_algorithmIdentifier(object, level, NULL);
+                               sig_alg = parse_algorithmIdentifier(object, level, NULL);
                                break;
                        case CRL_OBJ_ISSUER:
                                this->issuer = identification_create_from_encoding(ID_DER_ASN1_DN, object);
@@ -287,8 +288,8 @@ static bool parse(private_x509_crl_t *this)
                                break;
                        case CRL_OBJ_ALGORITHM:
                        {
-                               int algo = parse_algorithmIdentifier(object, level, NULL);
-                               if (this->algorithm != algo)
+                               this->algorithm = parse_algorithmIdentifier(object, level, NULL);
+                               if (this->algorithm != sig_alg)
                                {
                                        DBG1("  signature algorithms do not agree");
                                        return FALSE;
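Review bot: Both `parse_algorithmIdentifier()` calls that feed the comparison in `CRL_OBJ_ALGORITHM` pass `NULL` as the last argument, so if that argument is the out-parameter for the algorithm parameters, only the OIDs are compared and the parameters of the inner and outer AlgorithmIdentifier can differ unnoticed; the x509_ac.c hunk does the same. That is harmless as long as every supported signature algorithm has fixed or absent parameters, but the limitation should be stated at the check, e.g. `/* compares OIDs only; AlgorithmIdentifier parameters are not checked */`. The `DBG1` message would also help triage more if it logged both values, for instance `DBG1("  signature algorithms do not agree (%d vs %d)", this->algorithm, sig_alg);`. The case block and parse() continue outside the hunk.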