ipsec-tools: Support multiple CA certificates in PEM.

author: Chia-chi Yeh <chiachi@android.com> 2009-07-25 00:33:32 +0800
committer: Chia-chi Yeh <chiachi@android.com> 2009-07-25 00:33:32 +0800
commit: 5cbb57af3a64593fc4bfbb2c42c3d24553e8bae4 (patch)
tree: 2ea6f0d623387b1dad775c25eeb54c83ef381925 /src
parent: c454954382b81262dc81ac54e147f4dc7fc0af75 (diff)
download: ipsec-tools-5cbb57af3a64593fc4bfbb2c42c3d24553e8bae4.tar.gz
1 files changed, 21 insertions, 5 deletions
diff --git a/src/racoon/crypto_openssl.c b/src/racoon/crypto_openssl.c
index e6e2ed3..aca2f02 100644
--- a/src/racoon/crypto_openssl.c
+++ b/src/racoon/crypto_openssl.c
@@ -501,12 +501,28 @@ eay_check_x509cert(cert, CApath, CAfile, local)
 #else
 	if (CAfile) {
 		BIO *bio = BIO_from_keystore(CAfile);
-		if (bio) {
-			x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
-			X509_STORE_add_cert(cert_ctx, x509);
-			X509_free(x509);
-			BIO_free(bio);
+		STACK_OF(X509_INFO) *stack;
+		X509_INFO *info;
+		int i;
+
+		if (!bio) {
+			goto end;
+		}
+		stack = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL);
+		BIO_free(bio);
+		if (!stack) {
+			goto end;
+		}
+		for (i = 0; i < sk_X509_INFO_num(stack); ++i) {
+			info = sk_X509_INFO_value(stack, i);
+			if (info->x509) {
+				X509_STORE_add_cert(cert_ctx, info->x509);
+			}
+			if (info->crl) {
+				X509_STORE_add_crl(cert_ctx, info->crl);
+			}
 		}
+		sk_X509_INFO_pop_free(stack, X509_INFO_free);
 	}
 #endif
author	Chia-chi Yeh <chiachi@android.com>	2009-07-25 00:33:32 +0800
committer	Chia-chi Yeh <chiachi@android.com>	2009-07-25 00:33:32 +0800
commit	5cbb57af3a64593fc4bfbb2c42c3d24553e8bae4 (patch)
tree	2ea6f0d623387b1dad775c25eeb54c83ef381925 /src
parent	c454954382b81262dc81ac54e147f4dc7fc0af75 (diff)
download	ipsec-tools-5cbb57af3a64593fc4bfbb2c42c3d24553e8bae4.tar.gz