fixed crash when CA for certrequest not found
authorMartin Willi <martin@strongswan.org>
Mon, 8 Jan 2007 13:40:36 +0000 (13:40 -0000)
committerMartin Willi <martin@strongswan.org>
Mon, 8 Jan 2007 13:40:36 +0000 (13:40 -0000)
src/charon/encoding/payloads/certreq_payload.c
src/charon/sa/transactions/ike_auth.c

index 07d3ce2..86f2e35 100644 (file)
@@ -268,11 +268,21 @@ certreq_payload_t *certreq_payload_create()
  */
 certreq_payload_t *certreq_payload_create_from_cacert(identification_t *id)
 {
-       x509_t *cacert = charon->credentials->get_ca_certificate(charon->credentials, id);
-       rsa_public_key_t *pubkey = cacert->get_public_key(cacert);
-       chunk_t keyid = pubkey->get_keyid(pubkey);
+       x509_t *cacert;
+       rsa_public_key_t *pubkey;
+       chunk_t keyid;
+       certreq_payload_t *this;
+       
+       cacert = charon->credentials->get_ca_certificate(charon->credentials, id);
+       if (cacert == NULL)
+       {
+               /* no such CA cert */
+               return NULL;
+       }
 
-       certreq_payload_t *this = certreq_payload_create();
+       this = certreq_payload_create();
+       pubkey = cacert->get_public_key(cacert);
+       keyid = pubkey->get_keyid(pubkey);
 
        DBG2(DBG_IKE, "requesting certificate issued by '%D'", id);
        DBG2(DBG_IKE, "  with keyid %#B", &keyid);
index 3ab4d8a..5d137f6 100644 (file)
@@ -255,14 +255,21 @@ static status_t get_request(private_ike_auth_t *this, message_t **result)
        {
                certreq_payload_t *certreq_payload;
                identification_t *other_ca = this->policy->get_other_ca(this->policy);
-
-               certreq_payload = (other_ca->get_type(other_ca) == ID_ANY)
-                       ? certreq_payload_create_from_cacerts()
-                       : certreq_payload_create_from_cacert(other_ca);
-
-               if (certreq_payload != NULL)
+               
+               if (other_ca)
                {
-                       request->add_payload(request, (payload_t*)certreq_payload);
+                       if (other_ca->get_type(other_ca) == ID_ANY)
+                       {
+                               certreq_payload = certreq_payload_create_from_cacerts();
+                       }
+                       else
+                       {
+                               certreq_payload = certreq_payload_create_from_cacert(other_ca);
+                       }
+                       if (certreq_payload != NULL)
+                       {
+                               request->add_payload(request, (payload_t*)certreq_payload);
+                       }
                }
        }