Make cert_validator_t.validate optional to implement
authorMartin Willi <martin@revosec.ch>
Tue, 19 Feb 2013 10:22:36 +0000 (11:22 +0100)
committerMartin Willi <martin@revosec.ch>
Tue, 19 Feb 2013 13:31:18 +0000 (14:31 +0100)
src/libstrongswan/credentials/cert_validator.h
src/libstrongswan/credentials/credential_manager.c

index 00e30d7..effc6b0 100644 (file)
@@ -43,6 +43,7 @@ struct cert_validator_t {
         * @param pathlen               the current length of the path bottom-up
         * @param anchor                is issuer trusted root anchor
         * @param auth                  container for resulting authentication info
+        * @return                              TRUE if subject certificate valid
         */
        bool (*validate)(cert_validator_t *this, certificate_t *subject,
                                         certificate_t *issuer, bool online, u_int pathlen,
index 9e40c5a..a427b57 100644 (file)
@@ -541,6 +541,10 @@ static bool check_certificate(private_credential_manager_t *this,
        enumerator = this->validators->create_enumerator(this->validators);
        while (enumerator->enumerate(enumerator, &validator))
        {
+               if (!validator->validate)
+               {
+                       continue;
+               }
                if (!validator->validate(validator, subject, issuer,
                                                                 online, pathlen, trusted, auth))
                {