From 8bc139616015dd330bd1d14cf6676ca4ac6d02c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= Date: Wed, 6 Dec 2006 10:35:16 +0000 Subject: [PATCH] (_hx509_calculate_path): add flag to allow leaving out trust anchor git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19239 ec53bebd-3082-4978-b11e-865c3cabbd6b --- lib/hx509/cert.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/lib/hx509/cert.c b/lib/hx509/cert.c index 88f2cb6d6..8096919d4 100644 --- a/lib/hx509/cert.c +++ b/lib/hx509/cert.c @@ -688,6 +688,9 @@ certificate_is_anchor(hx509_context context, hx509_cert c; int ret; + if (trust_anchors == NULL) + return 0; + _hx509_query_clear(&q); q.match = HX509_QUERY_MATCH_CERTIFICATE; @@ -898,6 +901,7 @@ _hx509_path_free(hx509_path *path) int _hx509_calculate_path(hx509_context context, + int flags, time_t time_now, hx509_certs anchors, unsigned int max_depth, @@ -917,7 +921,7 @@ _hx509_calculate_path(hx509_context context, current = hx509_cert_ref(cert); - while (anchors == NULL || !certificate_is_anchor(context, anchors, current)) { + while (!certificate_is_anchor(context, anchors, current)) { ret = find_parent(context, time_now, anchors, path, pool, current, &parent); @@ -936,6 +940,15 @@ _hx509_calculate_path(hx509_context context, return HX509_PATH_TOO_LONG; } } + + if ((flags & HX509_CALCULATE_PATH_NO_ANCHOR) && + path->len > 0 && + certificate_is_anchor(context, anchors, path->val[path->len - 1])) + { + hx509_cert_free(path->val[path->len - 1]); + path->len--; + } + hx509_cert_free(current); return 0; } @@ -1397,7 +1410,7 @@ hx509_verify_path(hx509_context context, * Calculate the path from the certificate user presented to the * to an anchor. */ - ret = _hx509_calculate_path(context, ctx->time_now, + ret = _hx509_calculate_path(context, 0, ctx->time_now, ctx->trust_anchors, ctx->max_depth, cert, pool, &path); if (ret)