Return to crl.c CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libstrongswan / credentials / certificates |
1.1 misho 1: /* 2: * Copyright (C) 2008 Martin Willi 3: * Copyright (C) 2006 Andreas Steffen 4: * HSR Hochschule fuer Technik Rapperswil 5: * 6: * This program is free software; you can redistribute it and/or modify it 7: * under the terms of the GNU General Public License as published by the 8: * Free Software Foundation; either version 2 of the License, or (at your 9: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. 10: * 11: * This program is distributed in the hope that it will be useful, but 12: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY 13: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14: * for more details. 15: */ 16: 17: #include "crl.h" 18: 19: #include <utils/debug.h> 20: 21: ENUM(crl_reason_names, CRL_REASON_UNSPECIFIED, CRL_REASON_REMOVE_FROM_CRL, 22: "unspecified", 23: "key compromise", 24: "ca compromise", 25: "affiliation changed", 26: "superseded", 27: "cessation of operation", 28: "certificate hold", 29: "reason #7", 30: "remove from crl", 31: ); 32: 33: /** 34: * Check if this CRL is newer 35: */ 36: bool crl_is_newer(crl_t *this, crl_t *other) 37: { 38: chunk_t this_num, other_num; 39: bool newer; 40: 41: this_num = this->get_serial(this); 42: other_num = other->get_serial(other); 43: 44: /* compare crlNumbers if available - otherwise use generic cert compare */ 45: if (this_num.ptr != NULL && other_num.ptr != NULL) 46: { 47: newer = chunk_compare(this_num, other_num) > 0; 48: DBG1(DBG_LIB, " crl #%#B is %s - existing crl #%#B %s", 49: &this_num, newer ? "newer" : "not newer", 50: &other_num, newer ? "replaced" : "retained"); 51: } 52: else 53: { 54: newer = certificate_is_newer(&this->certificate, &other->certificate); 55: } 56: return newer; 57: }