ipsec-tools: Support multiple CA certificates in PEM.

commit: 5cbb57af3a64593fc4bfbb2c42c3d24553e8bae4 [log] [tgz]
author: Chia-chi Yeh <chiachi@android.com> Sat Jul 25 00:33:32 2009 +0800
committer: Chia-chi Yeh <chiachi@android.com> Sat Jul 25 00:33:32 2009 +0800
tree: 2ea6f0d623387b1dad775c25eeb54c83ef381925
parent: c454954382b81262dc81ac54e147f4dc7fc0af75 [diff]
diff --git a/src/racoon/crypto_openssl.c b/src/racoon/crypto_openssl.c
index e6e2ed3..aca2f02 100644
--- a/src/racoon/crypto_openssl.c
+++ b/src/racoon/crypto_openssl.c

@@ -501,12 +501,28 @@
 #else
 	if (CAfile) {
 		BIO *bio = BIO_from_keystore(CAfile);
-		if (bio) {
-			x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
-			X509_STORE_add_cert(cert_ctx, x509);
-			X509_free(x509);
-			BIO_free(bio);
+		STACK_OF(X509_INFO) *stack;
+		X509_INFO *info;
+		int i;
+
+		if (!bio) {
+			goto end;
 		}
+		stack = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL);
+		BIO_free(bio);
+		if (!stack) {
+			goto end;
+		}
+		for (i = 0; i < sk_X509_INFO_num(stack); ++i) {
+			info = sk_X509_INFO_value(stack, i);
+			if (info->x509) {
+				X509_STORE_add_cert(cert_ctx, info->x509);
+			}
+			if (info->crl) {
+				X509_STORE_add_crl(cert_ctx, info->crl);
+			}
+		}
+		sk_X509_INFO_pop_free(stack, X509_INFO_free);
 	}
 #endif
commit	5cbb57af3a64593fc4bfbb2c42c3d24553e8bae4	[log] [tgz]
author	Chia-chi Yeh <chiachi@android.com>	Sat Jul 25 00:33:32 2009 +0800
committer	Chia-chi Yeh <chiachi@android.com>	Sat Jul 25 00:33:32 2009 +0800
tree	2ea6f0d623387b1dad775c25eeb54c83ef381925
parent	c454954382b81262dc81ac54e147f4dc7fc0af75 [diff]