/*
 * Copyright (C) 2013 Martin Willi
 * Copyright (C) 2013 revosec AG
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

#include "systime_fix_validator.h"

#include <errno.h>
#include <time.h>

#include <daemon.h>

typedef struct private_systime_fix_validator_t private_systime_fix_validator_t;

/**
 * Private data of a systime_fix_validator_t object.
 */
struct private_systime_fix_validator_t {

	/**
	 * Public systime_fix_validator_t interface.
	 */
	systime_fix_validator_t public;

	/**
	 * Timestamp from which the system time is considered valid. While
	 * time() reports an earlier value, check_lifetime() accepts certificates
	 * without a lifetime check.
	 */
	time_t threshold;
};

/**
 * Implementation of cert_validator_t.check_lifetime.
 *
 * Returns SUCCESS (certificate accepted, lifetime check skipped) while the
 * system clock reads earlier than the configured threshold, and NEED_MORE
 * otherwise so that the certificate is validated normally. The cert, anchor
 * and auth arguments are not inspected here.
 *
 * Security note: as long as the clock is below the threshold, expired and
 * not-yet-valid certificates pass this hook. The threshold is whatever was
 * handed to systime_fix_validator_create(), so its choice bounds how long
 * that window can stay open.
 */
METHOD(cert_validator_t, check_lifetime, status_t,
	private_systime_fix_validator_t *this, certificate_t *cert,
	int pathlen, bool anchor, auth_cfg_t *auth)
{
	/* NOTE(review): time() returns (time_t)-1 on failure; where time_t is
	 * signed that value is below any positive threshold, so a failed clock
	 * read also skips the lifetime check (fail-open) - confirm intended */
	time_t now = time(NULL);

	if (now >= this->threshold)
	{
		/* clock looks sane, validate this certificate normally */
		return NEED_MORE;
	}
	/* our system time seems to be invalid, accept certificate */
	if (pathlen)
	{
		/* meant to report only once per validated chain.
		 * NOTE(review): this fires for every non-zero pathlen; verify
		 * against the caller that this yields a single message per chain */
		DBG1(DBG_CFG, "system time out of sync, skipping certificate "
			 "lifetime check");
	}
	return SUCCESS;
}

/**
 * Implementation of systime_fix_validator_t.destroy: releases the object
 * with free().
 */
METHOD(systime_fix_validator_t, destroy, void,
	private_systime_fix_validator_t *this)
{
	free(this);
}

/**
 * See header.
 *
 * Builds a validator whose check_lifetime hook treats the system time as
 * invalid until it reaches the given threshold, and returns its public
 * interface.
 */
systime_fix_validator_t *systime_fix_validator_create(time_t threshold)
{
	private_systime_fix_validator_t *this;

	INIT(this,
		.threshold = threshold,
		.public = {
			.destroy = _destroy,
			.validator = {
				.check_lifetime = _check_lifetime,
			},
		},
	);

	return &this->public;
}