Navigation

Changeset 4247

Timestamp:

08/05/08 11:05:57 (5 months ago)

Author:

andreas

Message:

initiator sends contents of rightca= if present as a certificate request without searching for further CA certificates

Files:

r3852	r4247
321	321	{
322	322	ike_cfg_t *ike_cfg;
	323	peer_cfg_t *peer_cfg;
323	324	enumerator_t *enumerator;
324	325	certificate_t *cert;
325		~~auth_info_t *auth;~~
326	326	bool restricted = FALSE;
327		~~auth_item_t item;~~
328	327	certreq_payload_t *x509_req = NULL;
329	328
…	…
333	332	return;
334	333	}
335		~~auth = this->ike_sa->get_other_auth(this->ike_sa);~~
336	334
337	335	/* check if we require a specific CA for that peer */
338		enumerator = auth->create_item_enumerator(auth);
339		while (enumerator->enumerate(enumerator, &item, &cert))
340		{
341		if (item == AUTHN_CA_CERT)
342		{
343		restricted = TRUE;
344		add_certreq_payload(message, &x509_req, cert);
345		}
346		}
347		enumerator->destroy(enumerator);
	336	peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
	337	if (peer_cfg)
	338	{
	339	auth_item_t item;
	340	auth_info_t *auth = peer_cfg->get_auth(peer_cfg);
	341
	342	enumerator = auth->create_item_enumerator(auth);
	343	while (enumerator->enumerate(enumerator, &item, &cert))
	344	{
	345	if (item == AUTHZ_CA_CERT)
	346	{
	347	restricted = TRUE;
	348	add_certreq_payload(message, &x509_req, cert);
	349	}
	350	/* TODO: handle AUTHZ_CA_CERT_NAME case */
	351	}
	352	enumerator->destroy(enumerator);
	353	}
348	354
349	355	if (!restricted)