revocation: Set defaults if CRL/OCSP checking is disabled in config
authorTobias Brunner <tobias@strongswan.org>
Thu, 3 May 2018 09:19:18 +0000 (11:19 +0200)
committerTobias Brunner <tobias@strongswan.org>
Tue, 22 May 2018 07:50:47 +0000 (09:50 +0200)
src/libstrongswan/plugins/revocation/revocation_validator.c

index 1a7013b..edb2f80 100644 (file)
@@ -824,6 +824,10 @@ METHOD(cert_validator_t, validate, bool,
                                        break;
                        }
                }
                                        break;
                        }
                }
+               else
+               {
+                       auth->add(auth, AUTH_RULE_OCSP_VALIDATION, VALIDATION_SKIPPED);
+               }
 
                if (this->enable_crl)
                {
 
                if (this->enable_crl)
                {
@@ -847,6 +851,11 @@ METHOD(cert_validator_t, validate, bool,
                                        break;
                        }
                }
                                        break;
                        }
                }
+               else
+               {
+                       auth->add(auth, AUTH_RULE_CRL_VALIDATION,
+                                         auth->get(auth, AUTH_RULE_OCSP_VALIDATION));
+               }
 
                lib->credmgr->call_hook(lib->credmgr, CRED_HOOK_VALIDATION_FAILED,
                                                                subject);
 
                lib->credmgr->call_hook(lib->credmgr, CRED_HOOK_VALIDATION_FAILED,
                                                                subject);