Handle null criteria when trusted names are set
author
Scott Cantor
<cantor.2@osu.edu>
Thu, 11 Aug 2011 18:56:40 +0000
(18:56 +0000)
committer
Scott Cantor
<cantor.2@osu.edu>
Thu, 11 Aug 2011 18:56:40 +0000
(18:56 +0000)
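--- a/xmltooling/security/impl/AbstractPKIXTrustEngine.cpp
+++ b/xmltooling/security/impl/AbstractPKIXTrustEngine.cpp
@@ -692,7 +692,7 @@ bool AbstractPKIXTrustEngine::validateWithCRLs(
 return false;
 }
-if ((criteria && criteria->getPeerName() && *(criteria->getPeerName())) || !m_trustedNames.empty()) {
+if (criteria && criteria->getPeerName() && *(criteria->getPeerName())) {
 log.debug("checking that the certificate name is acceptable");
 if (criteria && criteria->getUsage()==Credential::UNSPECIFIED_CREDENTIAL)
 criteria->setUsage(Credential::SIGNING_CREDENTIAL);
@@ -701,6 +701,15 @@ bool AbstractPKIXTrustEngine::validateWithCRLs(
 return false;
 }
 }
+else if (!m_trustedNames.empty()) {
+log.debug("checking that the certificate name is acceptable");
+CredentialCriteria cc;
+cc.setUsage(Credential::SIGNING_CREDENTIAL);
+if (!checkEntityNames(certEE,credResolver,cc)) {
+log.error("certificate name was not acceptable");
+return false;
+}
+}
 log.debug("performing certificate path validation...");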
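Review bot: The new `else if (!m_trustedNames.empty())` branch is also taken when `criteria` is non-null but has no peer name, and there it discards the caller's criteria and forces `SIGNING_CREDENTIAL`, whereas the first branch only sets that usage when it is `UNSPECIFIED_CREDENTIAL`. If checkEntityNames uses the usage to select credentials from the resolver (its body is not visible here), a caller that requested a different usage would have names checked against a different credential set than before this commit. Consider carrying the usage over, e.g. `cc.setUsage(criteria && criteria->getUsage()!=Credential::UNSPECIFIED_CREDENTIAL ? criteria->getUsage() : Credential::SIGNING_CREDENTIAL);`. The inner `criteria &&` test in the first branch is now redundant, since the outer condition already guarantees a non-null pointer. validateWithCRLs starts and ends outside both hunks.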