authorNiklas Hallqvist <niklas@cvs.openbsd.org>2000-11-23 12:57:08 +0000
committerNiklas Hallqvist <niklas@cvs.openbsd.org>2000-11-23 12:57:08 +0000
commit81faaf6300138060316a22ed4899033af180ee96 (patch)
treebfa857a2163ca48644ed98a75af5dc98e30e4a9f
parent183605e9e1d32d40abe4216ca8fe913d69104431 (diff)
Merge with EOM 1.45
author: niklas style author: angelos Better ID matching, should solve (some?) of PGPnet interoperability problems. From mickey@
-rw-r--r--sbin/isakmpd/x509.c23
1 files changed, 15 insertions, 8 deletions
diff --git a/sbin/isakmpd/x509.c b/sbin/isakmpd/x509.c
index 09ad1643e72..e093516faeb 100644
--- a/sbin/isakmpd/x509.c
+++ b/sbin/isakmpd/x509.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: x509.c,v 1.29 2000/10/07 07:00:34 niklas Exp $ */
-/* $EOM: x509.c,v 1.43 2000/09/28 12:53:27 niklas Exp $ */
+/* $OpenBSD: x509.c,v 1.30 2000/11/23 12:57:07 niklas Exp $ */
+/* $EOM: x509.c,v 1.45 2000/11/23 12:51:21 niklas Exp $ */
/*
* Copyright (c) 1998, 1999 Niels Provos. All rights reserved.
@@ -379,11 +379,17 @@ x509_hash_find (u_int8_t *id, size_t len)
id_found = 0;
for (i = 0; i < n; i++)
- if (clen[i] == len && memcmp (id, cid[i], len) == 0)
- {
- id_found++;
- break;
- }
+ {
+ LOG_DBG_BUF ((LOG_CRYPTO, 70, "cert_cmp: ", id, len));
+ LOG_DBG_BUF ((LOG_CRYPTO, 70, "cert_cmp: ", cid[i], clen[i]));
+ /* XXX This identity predicate needs to be understood. */
+ if (clen[i] == len && id[0] == cid[i][0]
+ && memcmp (id + 4, cid[i] + 4, len - 4) == 0)
+ {
+ id_found++;
+ break;
+ }
+ }
cert_free_subjects (n, cid, clen);
if (!id_found)
continue;
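Review bot: In the new predicate, `len - 4` is computed on a `size_t`, so for any `len` below 4 it wraps to a huge value and `memcmp` reads far past both buffers; `id[0]` is also read when `len` is 0 and a subject has `clen[i] == 0`. No lower bound on `len` is visible in this hunk (x509_hash_find starts and continues outside it), so the guard belongs in the condition itself: `if (clen[i] == len && len >= 4 && id[0] == cid[i][0]`. The comparison now ignores bytes 1–3 of both IDs, which presumably hold the protocol ID and port fields of the ID payload. Since this match appears to decide which certificate is found for an ID, the `XXX` comment should be replaced by one stating what those bytes are and why a mismatch there is acceptable. The first `LOG_DBG_BUF` call logs the same `id` on every iteration and could move above the loop.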
@@ -885,7 +891,8 @@ x509_check_subjectaltname (u_char *id, u_int id_len, X509 *scert)
{
LOG_DBG ((LOG_CRYPTO, 50,
"x509_check_subjectaltname: "
- "our ID type does not match X509 cert ID type"));
+ "our ID type (%d) does not match X509 cert ID type (%d)",
+ idtype, type));
return 0;
}