author | Chia-chi Yeh <chiachi@android.com> | 2009-07-25 00:33:32 +0800 |
---|---|---|
committer | Chia-chi Yeh <chiachi@android.com> | 2009-07-25 00:33:32 +0800 |
commit | 5cbb57af3a64593fc4bfbb2c42c3d24553e8bae4 (patch) | |
tree | 2ea6f0d623387b1dad775c25eeb54c83ef381925 /src | |
parent | c454954382b81262dc81ac54e147f4dc7fc0af75 (diff) | |
download | ipsec-tools-5cbb57af3a64593fc4bfbb2c42c3d24553e8bae4.tar.gz |
ipsec-tools: Support multiple CA certificates in PEM.
Diffstat (limited to 'src')
-rw-r--r-- | src/racoon/crypto_openssl.c | 26 |
1 files changed, 21 insertions, 5 deletions
diff --git a/src/racoon/crypto_openssl.c b/src/racoon/crypto_openssl.c
index e6e2ed3..aca2f02 100644
--- a/src/racoon/crypto_openssl.c
+++ b/src/racoon/crypto_openssl.c
@@ -501,12 +501,28 @@ eay_check_x509cert(cert, CApath, CAfile, local)
 #else
 if (CAfile) {
 BIO *bio = BIO_from_keystore(CAfile);
- if (bio) {
- x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
- X509_STORE_add_cert(cert_ctx, x509);
- X509_free(x509);
- BIO_free(bio);
+ STACK_OF(X509_INFO) *stack;
+ X509_INFO *info;
+ int i;
+
+ if (!bio) {
+ goto end;
+ }
+ stack = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL);
+ BIO_free(bio);
+ if (!stack) {
+ goto end;
+ }
+ for (i = 0; i < sk_X509_INFO_num(stack); ++i) {
+ info = sk_X509_INFO_value(stack, i);
+ if (info->x509) {
+ X509_STORE_add_cert(cert_ctx, info->x509);
+ }
+ if (info->crl) {
+ X509_STORE_add_crl(cert_ctx, info->crl);
+ }
 }
+ sk_X509_INFO_pop_free(stack, X509_INFO_free);
 }
 #endif
|
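Review bot: The return values of `X509_STORE_add_cert()` and `X509_STORE_add_crl()` in the new loop are discarded, so a CRL that fails to load is dropped silently and the revocation data supplied in the bundle is not applied. A failed CA add fails closed at verification time, but a failed CRL add fails open, so at least that call should be checked, e.g. `if (info->crl && !X509_STORE_add_crl(cert_ctx, info->crl)) { sk_X509_INFO_pop_free(stack, X509_INFO_free); goto end; }`; older OpenSSL releases may also return 0 for a duplicate entry, so inspect the error queue before treating it as fatal. CRLs held in the store are only consulted when CRL checking is enabled on the store or verify context, which is not visible in this hunk and should be confirmed. The two new `goto end` paths depend on the label and the function's default return value, both outside the hunk; a log line on each would distinguish a missing keystore entry from an unparsable PEM bundle.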