fixed bug occurring with multiple occurrences of the same cacert on a smartcard
authorAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 13 Aug 2007 07:47:47 +0000 (07:47 -0000)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 13 Aug 2007 07:47:47 +0000 (07:47 -0000)
src/pluto/ca.c
src/pluto/ca.h
src/pluto/smartcard.c

index d1be22e..878cf86 100644 (file)
@@ -197,7 +197,7 @@ get_authcert(chunk_t subject, chunk_t serial, chunk_t keyid, u_char auth_flags)
 /*
  * add an authority certificate to the chained list
  */
-bool
+x509cert_t*
 add_authcert(x509cert_t *cert, u_char auth_flags)
 {
     x509cert_t *old_cert;
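Review bot: The header comment above add_authcert() still reads only "add an authority certificate to the chained list", although the function now returns a pointer and, as the later hunk shows, may free its argument. I would extend it to something like `/* add an authority certificate to the chained list; returns the entry now in the list, which is either cert or an identical older entry, in which case cert has been freed */`. Without that, a caller can easily keep using the `cert` it passed in after it has been released. The function body continues outside this hunk.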
@@ -222,7 +222,7 @@ add_authcert(x509cert_t *cert, u_char auth_flags)
            unlock_authcert_list("add_authcert");
 
            free_x509cert(cert);
-           return FALSE;
+           return old_cert;
        }
        else
        {
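Review bot: `return old_cert;` hands out a pointer to a list entry after `unlock_authcert_list("add_authcert")` has already run, and the callers only take their reference afterwards via `share_cert()`. If the list lock is meant to protect entries against concurrent replacement or release, there is a window in which the returned CA certificate could be freed before its count is raised. Either take the reference before unlocking, or state the assumption at the return, e.g. `/* returned without a reference; caller must share_cert() before the list can change */`. The surrounding if/else starts and ends outside this hunk.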
@@ -242,7 +242,7 @@ add_authcert(x509cert_t *cert, u_char auth_flags)
        DBG_log("  authcert inserted")
     )
     unlock_authcert_list("add_authcert");
-    return TRUE;
+    return cert;
 }
 
 /*
@@ -623,15 +623,12 @@ add_ca_info(const whack_message_t *msg)
        unlock_ca_info_list("add_ca_info");
 
        /* add cacert to list of authcerts */
-       if (!cached_cert)
+       if (!cached_cert && sc != NULL)
        {
-           if (add_authcert(cacert, AUTH_CA) && sc != NULL)
-           {
-               if (sc->last_cert.type == CERT_X509_SIGNATURE)
-                   sc->last_cert.u.x509->count--;
-               sc->last_cert = cert;
-               share_cert(sc->last_cert);
-           }
+           if (sc->last_cert.type == CERT_X509_SIGNATURE)
+               sc->last_cert.u.x509->count--;
+           sc->last_cert.u.x509 = add_authcert(cacert, AUTH_CA);
+           share_cert(sc->last_cert);
        }
        if (sc != NULL)
            time(&sc->last_load);
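Review bot: Moving `sc != NULL` into the outer condition means `add_authcert(cacert, AUTH_CA)` is no longer called when the CA certificate does not come from a smartcard. On that path the certificate is neither added to the authcert list nor released, unless code outside this hunk takes care of it. The new assignment to `sc->last_cert.u.x509` also no longer sets `sc->last_cert.type` the way the removed `sc->last_cert = cert` did, so `share_cert()` may see a stale type if it dispatches on that field. I would call add_authcert() unconditionally and update the smartcard record only inside an `sc != NULL` block, as sketched below. The body of add_ca_info starts and ends outside this hunk.

```c
        /* add cacert to list of authcerts */
        if (!cached_cert)
        {
            /* register the CA certificate whether or not a smartcard is involved */
            x509cert_t *authcert = add_authcert(cacert, AUTH_CA);

            if (sc != NULL)
            {
                if (sc->last_cert.type == CERT_X509_SIGNATURE)
                    sc->last_cert.u.x509->count--;
                sc->last_cert.type = CERT_X509_SIGNATURE;
                sc->last_cert.u.x509 = authcert;
                share_cert(sc->last_cert);
            }
        }
        /* … unchanged: time(&sc->last_load) update … */
```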
index 8d4602d..eaeede8 100644 (file)
@@ -54,7 +54,7 @@ extern x509cert_t* get_authcert(chunk_t subject, chunk_t serial, chunk_t keyid
     , u_char auth_flags);
 extern void load_authcerts(const char *type, const char *path
     , u_char auth_flags);
-extern bool add_authcert(x509cert_t *cert, u_char auth_flags);
+extern x509cert_t* add_authcert(x509cert_t *cert, u_char auth_flags);
 extern void free_authcerts(void);
 extern void list_authcerts(const char *caption, u_char auth_flags, bool utc);
 extern bool trust_authcert_candidate(const x509cert_t *cert
index 067d0f0..1261d6d 100644 (file)
@@ -593,11 +593,13 @@ scx_find_cert_objects(CK_SLOT_ID slot, CK_SESSION_HANDLE session)
 
        /* put end entity and ca certificates into different chains */
        if (cert->isCA)
-           add_authcert(cert, AUTH_CA);
+       {
+           sc->last_cert.u.x509 = add_authcert(cert, AUTH_CA);
+       }
        else
        {
            add_x509_public_key(cert, valid_until, DAL_LOCAL);
-            sc->last_cert.u.x509 = add_x509cert(cert);
+           sc->last_cert.u.x509 = add_x509cert(cert);
        }
 
        share_cert(sc->last_cert);
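Review bot: In the `cert->isCA` branch, `cert` may be dangling after the call, because add_authcert() frees its argument and returns the existing entry when the same CA certificate is already in the list. Nothing in this hunk reads `cert` afterwards, but the loop body continues outside it, so I would add a comment in the branch such as `/* add_authcert() may free cert and return the cached entry; use sc->last_cert.u.x509 from here on */`. It is also worth confirming that any earlier reference held in `sc->last_cert` is released before it is overwritten, as add_ca_info does with `count--`. That cannot be checked from this hunk.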