From: Andreas Steffen
Date: Fri, 25 May 2007 08:21:27 +0000 (-0000)
Subject: set certinfo status to CERT_UNKNOWN before crl and|or ocsp verification
X-Git-Tag: 4.1.3~12
X-Git-Url: https://git.strongswan.org/?p=strongswan.git;a=commitdiff_plain;h=13b872ebd211fc72b3174281ec95984b182396c3
set certinfo status to CERT_UNKNOWN before crl and|or ocsp verification
---
diff --git a/src/charon/config/credentials/local_credential_store.c b/src/charon/config/credentials/local_credential_store.c
index 48fb1c8..af5a021 100644
--- a/src/charon/config/credentials/local_credential_store.c
+++ b/src/charon/config/credentials/local_credential_store.c
@@ -301,7 +301,7 @@ static rsa_public_key_t *get_rsa_public_key(private_local_credential_store_t *th
 /**
 * Implementation of credential_store_t.get_issuer.
 */
-static ca_info_t* get_issuer(private_local_credential_store_t *this, const x509_t *cert)
+static ca_info_t* get_issuer(private_local_credential_store_t *this, x509_t *cert)
 {
 ca_info_t *found = cert->get_ca_info(cert);
@@ -548,7 +548,7 @@ static bool verify(private_local_credential_store_t *this, x509_t *cert, bool *f
 x509_t *end_cert = cert;
 x509_t *cert_copy = find_certificate(this->certs, end_cert);
- DBG2(DBG_CFG, "verifying end entity certificate:");
+ DBG1(DBG_CFG, "verifying end entity certificate up to trust anchor:");
 *found = (cert_copy != NULL);
 if (*found)
@@ -618,6 +618,8 @@ static bool verify(private_local_credential_store_t *this, x509_t *cert, bool *f cert_status_t status; certinfo_t *certinfo = certinfo_create(cert->get_serialNumber(cert)); + certinfo->set_status(certinfo, CERT_UNKNOWN); + if (pathlen == 0) { /* add any crl and ocsp uris contained in the certificate under test */
@@ -725,6 +727,8 @@ static status_t verify_signature(private_local_credential_store_t *this, status_t sig_status; x509_t *cert; + DBG1(DBG_CFG, "verifying RSA signature:"); + /* default return values in case of failure */ sig_status = NOT_FOUND; *issuer_p = NULL;
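Review bot: Dropping `const` from the `cert` parameter of `get_issuer` (hunk at -301) loosens the contract of a function whose visible body only calls `cert->get_ca_info(cert)`. If the qualifier was removed because `get_ca_info` takes a non-const `x509_t*`, const-qualifying that accessor instead would keep the issuer lookup read-only for a certificate that is still under verification. The matching cast in `local_credential_store_create` (hunk at -1458) hides any signature mismatch from the compiler, so the `get_issuer` member declared in the `credential_store_t` interface needs the same change; that header is not part of the diff as shown. The body of `get_issuer` continues outside the hunk.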
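Review bot: The new `certinfo->set_status(certinfo, CERT_UNKNOWN);` in `verify` (hunk at -618) fixes the initial status at this one call site only, so any other caller of `certinfo_create()` still depends on whatever status the constructor assigns, which is not visible here. Setting the fail-safe default inside `certinfo_create()` would cover every caller, if the constructor does not already do so. The line also deserves a why-comment, for example `/* start from CERT_UNKNOWN so a skipped or failed crl/ocsp lookup is never read as a verified status */`. It is worth confirming that the code after the CRL and OCSP checks handles a status that is still `CERT_UNKNOWN` according to the configured revocation policy instead of treating it as good. `verify` starts and ends outside this hunk.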
@@ -1458,7 +1462,7 @@ local_credential_store_t * local_credential_store_create(void)
 this->public.credential_store.get_certificate = (x509_t* (*) (credential_store_t*,identification_t*))get_certificate;
 this->public.credential_store.get_auth_certificate = (x509_t* (*) (credential_store_t*,u_int,identification_t*))get_auth_certificate;
 this->public.credential_store.get_ca_certificate_by_keyid = (x509_t* (*) (credential_store_t*,chunk_t))get_ca_certificate_by_keyid;
- this->public.credential_store.get_issuer = (ca_info_t* (*) (credential_store_t*,const x509_t*))get_issuer;
+ this->public.credential_store.get_issuer = (ca_info_t* (*) (credential_store_t*,x509_t*))get_issuer;
 this->public.credential_store.is_trusted = (bool (*) (credential_store_t*,x509_t*))is_trusted;
 this->public.credential_store.verify_signature = (status_t (*) (credential_store_t*,chunk_t,chunk_t,identification_t*,ca_info_t**))verify_signature;
 this->public.credential_store.verify = (bool (*) (credential_store_t*,x509_t*,bool*))verify;