Add missing AUTH_RULE for trusted self-signed peer certificates
authorMartin Willi <martin@revosec.ch>
Tue, 1 Feb 2011 08:24:42 +0000 (09:24 +0100)
committerMartin Willi <martin@revosec.ch>
Tue, 1 Feb 2011 08:25:10 +0000 (09:25 +0100)
src/libstrongswan/credentials/credential_manager.c

index 91ed3cf..27b97ea 100644 (file)
@@ -716,6 +716,11 @@ METHOD(enumerator_t, trusted_enumerate, bool,
                                DBG1(DBG_CFG, "  using trusted certificate \"%Y\"",
                                         this->pretrusted->get_subject(this->pretrusted));
                                *cert = this->pretrusted;
+                               if (!this->auth->get(this->auth, AUTH_RULE_SUBJECT_CERT))
+                               {       /* add cert to auth info, if not returned by trustchain */
+                                       this->auth->add(this->auth, AUTH_RULE_SUBJECT_CERT,
+                                                                       this->pretrusted->get_ref(this->pretrusted));
+                               }
                                if (auth)
                                {
                                        *auth = this->auth;
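Review bot: The new guard in trusted_enumerate tests only whether some AUTH_RULE_SUBJECT_CERT is already present in this->auth, not whether that entry is this->pretrusted, so the certificate returned through `*cert` and the one later constraint checks read from the auth info are assumed to match rather than checked. That appears to hold only if the trustchain code is the sole writer of this rule and always records the pretrusted certificate; the body of trusted_enumerate starts and ends outside the hunk, so this cannot be confirmed from here. I would state the invariant in the comment, e.g. `/* self-signed pretrusted certs get no subject cert rule from trustchain building; add it so auth constraints see the cert we return */`. Alternatively, compare the existing entry with this->pretrusted via the certificate's `equals()` before skipping the add, so a mismatch is not silently accepted.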