output optional pathLenConstraint in ipsec listcacerts
authorAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 4 Nov 2009 06:30:07 +0000 (07:30 +0100)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 4 Nov 2009 06:30:07 +0000 (07:30 +0100)
src/charon/plugins/stroke/stroke_list.c
src/libstrongswan/plugins/x509/x509_cert.c
src/pluto/x509.c

index f8bab4f..5cffa42 100644 (file)
@@ -665,6 +665,7 @@ static void stroke_list_certs(linked_list_t *list, char *label,
                        enumerator_t *enumerator;
                        identification_t *altName;
                        bool first_altName = TRUE;
+                       int pathlen;
                        chunk_t serial, authkey;
                        time_t notBefore, notAfter;
                        public_key_t *public;
@@ -742,6 +743,14 @@ static void stroke_list_certs(linked_list_t *list, char *label,
                        {
                                fprintf(out, "  authkey:   %#B\n", &authkey);
                        }
+
+                       /* list optional pathLenConstraint */
+                       pathlen = x509->get_pathLenConstraint(x509);
+                       if (pathlen != NO_PATH_LEN_CONSTRAINT)
+                       {
+                               fprintf(out, "  pathlen:   %d\n", pathlen);
+                       }
+
                }
        }
        enumerator->destroy(enumerator);
index b103170..0147e78 100644 (file)
@@ -1135,6 +1135,14 @@ static chunk_t get_authKeyIdentifier(private_x509_cert_t *this)
 }
 
 /**
+ * Implementation of x509_t.get_pathLenConstraint.
+ */
+static int get_pathLenConstraint(private_x509_cert_t *this)
+{
+       return this->pathLenConstraint;
+}
+
+/**
  * Implementation of x509_cert_t.create_subjectAltName_enumerator.
  */
 static enumerator_t* create_subjectAltName_enumerator(private_x509_cert_t *this)
@@ -1209,6 +1217,7 @@ static private_x509_cert_t* create_empty(void)
        this->public.interface.get_serial = (chunk_t (*)(x509_t*))get_serial;
        this->public.interface.get_subjectKeyIdentifier = (chunk_t (*)(x509_t*))get_subjectKeyIdentifier;
        this->public.interface.get_authKeyIdentifier = (chunk_t (*)(x509_t*))get_authKeyIdentifier;
+       this->public.interface.get_pathLenConstraint = (int (*)(x509_t*))get_pathLenConstraint;
        this->public.interface.create_subjectAltName_enumerator = (enumerator_t* (*)(x509_t*))create_subjectAltName_enumerator;
        this->public.interface.create_crl_uri_enumerator = (enumerator_t* (*)(x509_t*))create_crl_uri_enumerator;
        this->public.interface.create_ocsp_uri_enumerator = (enumerator_t* (*)(x509_t*))create_ocsp_uri_enumerator;
index 47c9cec..25b4e14 100644 (file)
@@ -505,7 +505,7 @@ void list_x509cert_chain(const char *caption, x509cert_t* cert,
                        enumerator_t *enumerator;
                        char buf[BUF_LEN];
                        char *pos = buf;
-                       int len = BUF_LEN;
+                       int len = BUF_LEN, pathlen;
                        bool first_altName = TRUE;
                        identification_t *id;
                        time_t notBefore, notAfter;
@@ -589,6 +589,14 @@ void list_x509cert_chain(const char *caption, x509cert_t* cert,
                        {
                                whack_log(RC_COMMENT, "  authkey:   %#B", &authkey);
                        }
+
+                       /* list optional pathLenConstraint */
+                       pathlen = x509->get_pathLenConstraint(x509);
+                       if (pathlen != NO_PATH_LEN_CONSTRAINT)
+                       {
+                               whack_log(RC_COMMENT, "  pathlen:   %d", pathlen);
+                       }
+
                }
                cert = cert->next;
        }