From 8a865fee2e4bca41a28b557b46b78a15243f49d9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?=
Date: Tue, 5 Jun 2007 03:58:56 +0000
Subject: [PATCH] Read in and use default trust anchors if they exists.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20915 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/hx509/cert.c | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/lib/hx509/cert.c b/lib/hx509/cert.c
index a12546d6e..ecc6f5b22 100644
--- a/lib/hx509/cert.c
+++ b/lib/hx509/cert.c
@@ -119,6 +119,11 @@ hx509_context_init(hx509_context *context)
 initialize_hx_error_table_r(&(*context)->et_list);
 initialize_asn1_error_table_r(&(*context)->et_list);
+#ifdef HX509_DEFAULT_ANCHORS
+ (void)hx509_certs_init(*context, HX509_DEFAULT_ANCHORS, 0,
+ NULL, &(*context)->default_trust_anchors);
+#endif
+
 return 0;
 }
@@ -1466,6 +1471,7 @@ hx509_verify_path(hx509_context context,
 int ret, i, proxy_cert_depth;
 enum certtype type;
 Name proxy_issuer;
+ hx509_certs anchors = NULL;
 memset(&proxy_issuer, 0, sizeof(proxy_issuer));
@@ -1479,12 +1485,25 @@ hx509_verify_path(hx509_context context,
 if ((ctx->flags & HX509_VERIFY_CTX_F_TIME_SET) == 0)
 ctx->time_now = time(NULL);
+ /*
+ *
+ */
+ ret = hx509_certs_init(context, "MEMORY:trust-anchors", 0, NULL, &anchors);
+ if (ret)
+ goto out;
+ ret = hx509_certs_merge(context, anchors, ctx->trust_anchors);
+ if (ret)
+ goto out;
+ ret = hx509_certs_merge(context, anchors, context->default_trust_anchors);
+ if (ret)
+ goto out;
+
 /*
 * Calculate the path from the certificate user presented to the
 * to an anchor.
 */
 ret = _hx509_calculate_path(context, 0, ctx->time_now,
- ctx->trust_anchors, ctx->max_depth,
+ anchors, ctx->max_depth,
 cert, pool, &path);
 if (ret)
 goto out;
@@ -1806,6 +1825,7 @@ hx509_verify_path(hx509_context context,
 }
 out:
+ hx509_certs_free(&anchors);
 free_Name(&proxy_issuer);
 free_name_constraints(&nc);
 _hx509_path_free(&path);
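Review bot: The `(void)` cast in hx509_context_init discards the result of loading HX509_DEFAULT_ANCHORS, so a missing, unreadable or malformed anchor store looks the same as no default anchors being configured, and nothing is logged or returned. If that best-effort behaviour is intended, say so above the call, e.g. `/* Best effort: on failure default_trust_anchors presumably stays unset and only caller-supplied anchors are used. */`. Since every certificate in that store becomes a trust root for all verifications on this context, the comment should also state that the store must be writable only by the administrator. No hunk in this patch releases default_trust_anchors when the context is destroyed; confirm that the context free path does so. hx509_context_init starts above the hunk.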
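Review bot: The merge of context->default_trust_anchors into `anchors` in hx509_verify_path is unconditional, so a caller that deliberately restricted ctx->trust_anchors to a small set now also accepts chains ending at any certificate in the compiled-in default store, and nothing visible here lets it opt out. Consider gating the second merge on a verify-context flag, e.g. `if ((ctx->flags & <OPT_OUT_FLAG_PLACEHOLDER>) == 0)` before `ret = hx509_certs_merge(context, anchors, context->default_trust_anchors);`. Either source may be NULL (no anchors attached, or HX509_DEFAULT_ANCHORS undefined or failed to load); whether hx509_certs_merge and the `hx509_certs_free(&anchors)` added at `out:` tolerate NULL is not visible in this patch and should be confirmed. The empty `/* * */` block should carry the explanation, e.g. `/* Effective anchors = caller-supplied anchors plus the context's default anchors. */`. hx509_verify_path starts and ends outside the hunk.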