|
version 1.1.1.1, 2012/02/21 22:39:10
|
version 1.1.1.2, 2014/06/15 16:37:11
|
|
Line 1
|
Line 1
|
| /* $NetBSD: oakley.c,v 1.22 2011/03/17 14:42:58 vanhu Exp $ */ | /* $NetBSD: oakley.c,v 1.22.2.2 2012/08/29 11:35:09 tteras Exp $ */ |
| |
|
| /* Id: oakley.c,v 1.32 2006/05/26 12:19:46 manubsd Exp */ |
/* Id: oakley.c,v 1.32 2006/05/26 12:19:46 manubsd Exp */ |
| |
|
|
Line 1288 oakley_validate_auth(iph1)
|
Line 1288 oakley_validate_auth(iph1)
|
| { |
{ |
| vchar_t *my_hash = NULL; |
vchar_t *my_hash = NULL; |
| int result; |
int result; |
| |
int no_verify_needed = -1; |
| #ifdef HAVE_GSSAPI |
#ifdef HAVE_GSSAPI |
| vchar_t *gsshash = NULL; |
vchar_t *gsshash = NULL; |
| #endif |
#endif |
|
Line 1361 oakley_validate_auth(iph1)
|
Line 1362 oakley_validate_auth(iph1)
|
| plog(LLV_DEBUG, LOCATION, NULL, "HASH for PSK validated.\n"); |
plog(LLV_DEBUG, LOCATION, NULL, "HASH for PSK validated.\n"); |
| } |
} |
| break; |
break; |
| case OAKLEY_ATTR_AUTH_METHOD_DSSSIG: |
|
| case OAKLEY_ATTR_AUTH_METHOD_RSASIG: |
|
| #ifdef ENABLE_HYBRID |
#ifdef ENABLE_HYBRID |
| case OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_I: |
case OAKLEY_ATTR_AUTH_METHOD_HYBRID_RSA_I: |
| case OAKLEY_ATTR_AUTH_METHOD_HYBRID_DSS_I: |
case OAKLEY_ATTR_AUTH_METHOD_HYBRID_DSS_I: |
|
Line 1370 oakley_validate_auth(iph1)
|
Line 1369 oakley_validate_auth(iph1)
|
| case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_R: |
case OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_R: |
| case OAKLEY_ATTR_AUTH_METHOD_XAUTH_DSSSIG_I: |
case OAKLEY_ATTR_AUTH_METHOD_XAUTH_DSSSIG_I: |
| case OAKLEY_ATTR_AUTH_METHOD_XAUTH_DSSSIG_R: |
case OAKLEY_ATTR_AUTH_METHOD_XAUTH_DSSSIG_R: |
| |
no_verify_needed = 0; |
| #endif |
#endif |
| |
case OAKLEY_ATTR_AUTH_METHOD_DSSSIG: |
| |
case OAKLEY_ATTR_AUTH_METHOD_RSASIG: |
| { |
{ |
| int error = 0; |
int error = 0; |
| int certtype; |
int certtype; |
|
Line 1432 oakley_validate_auth(iph1)
|
Line 1434 oakley_validate_auth(iph1)
|
| } |
} |
| |
|
| if (error != 0) { |
if (error != 0) { |
| plog(LLV_ERROR, LOCATION, NULL, | plog(LLV_ERROR, LOCATION, iph1->remote, |
| "the peer's certificate is not verified.\n"); |
"the peer's certificate is not verified.\n"); |
| return ISAKMP_NTYPE_INVALID_CERT_AUTHORITY; |
return ISAKMP_NTYPE_INVALID_CERT_AUTHORITY; |
| } |
} |
|
Line 1454 oakley_validate_auth(iph1)
|
Line 1456 oakley_validate_auth(iph1)
|
| case ISAKMP_CERT_PLAINRSA: |
case ISAKMP_CERT_PLAINRSA: |
| if (get_plainrsa_fromlocal(iph1, 0)) |
if (get_plainrsa_fromlocal(iph1, 0)) |
| return ISAKMP_INTERNAL_ERROR; |
return ISAKMP_INTERNAL_ERROR; |
| |
/* suppress CERT validation warning, unless hybrid mode in use */ |
| |
if (no_verify_needed == -1) |
| |
no_verify_needed = 1; |
| break; |
break; |
| case ISAKMP_CERT_DNS: |
case ISAKMP_CERT_DNS: |
| /* don't use received cert */ |
/* don't use received cert */ |
|
Line 1480 oakley_validate_auth(iph1)
|
Line 1485 oakley_validate_auth(iph1)
|
| if ((error = oakley_check_certid(iph1)) != 0) |
if ((error = oakley_check_certid(iph1)) != 0) |
| return error; |
return error; |
| |
|
| /* Generate a warning if verify_cert */ | /* Generate a warning unless verify_cert */ |
| if (iph1->rmconf->verify_cert) { |
if (iph1->rmconf->verify_cert) { |
| plog(LLV_DEBUG, LOCATION, NULL, | plog(LLV_DEBUG, LOCATION, iph1->remote, |
| "CERT validated\n"); |
"CERT validated\n"); |
| } else { | } else if (no_verify_needed != 1) { |
| plog(LLV_WARNING, LOCATION, NULL, | plog(LLV_WARNING, LOCATION, iph1->remote, |
| "CERT validation disabled by configuration\n"); |
"CERT validation disabled by configuration\n"); |
| } |
} |
| |
|
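Review bot: `no_verify_needed` is a tri-state int whose values (-1, 0, 1) are only recoverable by tracing the case-label fallthrough from the hybrid/XAUTH labels into the ISAKMP_CERT_PLAINRSA branch, and the plain-RSA path still logs `CERT validated` when verify_cert is set even though only get_plainrsa_fromlocal() ran and no certificate was checked. I would document the states at the declaration, `int no_verify_needed = -1; /* -1: undecided; 0: hybrid/XAUTH sig, cert warning still applies; 1: plain RSA key, nothing to validate */`, and test `no_verify_needed` before `verify_cert` so the plain-RSA case is reported accurately at either setting, as below. This assumes no other certtype branch in the unseen lines between the 1456 and 1485 hunks also sets the flag; oakley_validate_auth() begins before the first hunk and continues past the last one.
```c
/* … unchanged: oakley_check_certid() call … */
if (no_verify_needed == 1) {
	/* plain RSA key: there is no certificate to validate either way */
	plog(LLV_DEBUG, LOCATION, iph1->remote,
	    "plain RSA key, no CERT to validate\n");
} else if (iph1->rmconf->verify_cert) {
	plog(LLV_DEBUG, LOCATION, iph1->remote,
	    "CERT validated\n");
} else {
	plog(LLV_WARNING, LOCATION, iph1->remote,
	    "CERT validation disabled by configuration\n");
}
```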