From 89665b3866eed67bb6dfd604cbd7744854ab08c8 Mon Sep 17 00:00:00 2001 From: Andreas Steffen Date: Fri, 18 May 2007 10:16:10 +0000 Subject: [PATCH] add is_ca() method --- src/libstrongswan/crypto/ca.c | 9 +++++++++ src/libstrongswan/crypto/ca.h | 14 ++++++++++++-- 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/src/libstrongswan/crypto/ca.c b/src/libstrongswan/crypto/ca.c index bb35b37..07413e8 100644 --- a/src/libstrongswan/crypto/ca.c +++ b/src/libstrongswan/crypto/ca.c @@ -158,6 +158,14 @@ static bool is_crl_issuer(private_ca_info_t *this, const crl_t *crl) } /** + * Implements ca_info_t.is_ca + */ +static bool is_ca(private_ca_info_t *this) +{ + return this->cacert->is_ca(this->cacert); +} + +/** * Implements ca_info_t.is_strict */ static bool is_strict(private_ca_info_t *this) @@ -778,6 +786,7 @@ ca_info_t *ca_info_create(const char *name, x509_t *cacert) this->public.equals_name_release_info = (bool (*) (ca_info_t*,const char*))equals_name_release_info; this->public.is_cert_issuer = (bool (*) (ca_info_t*,const x509_t*))is_cert_issuer; this->public.is_crl_issuer = (bool (*) (ca_info_t*,const crl_t*))is_crl_issuer; + this->public.is_ca = (bool (*) (ca_info_t*))is_ca; this->public.is_strict = (bool (*) (ca_info_t*))is_strict; this->public.add_info = (void (*) (ca_info_t*,const ca_info_t*))add_info; this->public.add_crl = (void (*) (ca_info_t*,crl_t*))add_crl; diff --git a/src/libstrongswan/crypto/ca.h b/src/libstrongswan/crypto/ca.h index ae10e25..ff6271b 100644 --- a/src/libstrongswan/crypto/ca.h +++ b/src/libstrongswan/crypto/ca.h @@ -26,13 +26,15 @@ typedef struct ca_info_t ca_info_t; #include -#include #include "x509.h" #include "crl.h" #define MAX_CA_PATH_LEN 7 +/*forward declaration */ +struct credential_store_t; + /** * @brief X.509 certification authority information record * @@ -81,6 +83,14 @@ struct ca_info_t { bool (*is_crl_issuer) (ca_info_t *this, const crl_t *crl); /** + * @brief Checks if the ca certificate has the isCA flag set + * + * @param this ca info object + * @return TRUE if the isCA flag is set + */ + bool (*is_ca) (ca_info_t *this); + + /** * @brief Checks if the ca enforces a strict crl policy * * @param this ca info object @@ -192,7 +202,7 @@ struct ca_info_t { * @param credentials credential store needed for trust path verification * @return certificate status */ - cert_status_t (*verify_by_ocsp) (ca_info_t* this, certinfo_t* certinfo, credential_store_t* credentials); + cert_status_t (*verify_by_ocsp) (ca_info_t* this, certinfo_t* certinfo, struct credential_store_t* credentials); /** * @brief Purge the OCSP certinfos of a ca info record -- 2.7.4