+/* $NetBSD: dnssec.c,v 1.4 2006/09/09 16:22:09 manu Exp $ */
+
/* $KAME: dnssec.c,v 1.2 2001/08/05 18:46:07 itojun Exp $ */
/*
#include "config.h"
+#if ENABLE_DNSSEC_CERTS
+
#include <sys/types.h>
#include <sys/param.h>
#include <stdlib.h>
int namelen;
int error;
- id_b = (struct ipsecdoi_id_b *)id->v;
+ id_b = ALIGNED_CAST(struct ipsecdoi_id_b *)id->v;
namelen = id->l - sizeof(*id_b);
name = racoon_malloc(namelen + 1);
if (!name) {
- plog(LLV_ERROR, LOCATION, NULL,
+ plog(ASL_LEVEL_ERR,
"failed to get buffer.\n");
return NULL;
}
case IPSECDOI_ID_FQDN:
error = getcertsbyname(name, &res);
if (error != 0) {
- plog(LLV_ERROR, LOCATION, NULL,
+ plog(ASL_LEVEL_ERR,
"getcertsbyname(\"%s\") failed.\n", name);
goto err;
}
case IPSECDOI_ID_IPV6_ADDR:
/* XXX should be processed to query PTR ? */
default:
- plog(LLV_ERROR, LOCATION, NULL,
+ plog(ASL_LEVEL_ERR,
"impropper ID type passed %s "
"though getcert method is dnssec.\n",
s_ipsecdoi_ident(id_b->type));
- return NULL;
+ goto err;
}
/* check response */
if (res->ci_next != NULL) {
- plog(LLV_WARNING, LOCATION, NULL,
+ plog(ASL_LEVEL_WARNING,
"not supported multiple CERT RR.\n");
}
switch (res->ci_type) {
type = ISAKMP_CERT_X509SIGN;
break;
default:
- plog(LLV_ERROR, LOCATION, NULL,
+ plog(ASL_LEVEL_ERR,
"not supported CERT RR type %d.\n", res->ci_type);
goto err;
}
/* create cert holder */
cert = oakley_newcert();
if (cert == NULL) {
- plog(LLV_ERROR, LOCATION, NULL,
+ plog(ASL_LEVEL_ERR,
"failed to get cert buffer.\n");
goto err;
}
cert->pl = vmalloc(res->ci_certlen + 1);
if (cert->pl == NULL) {
- plog(LLV_ERROR, LOCATION, NULL,
+ plog(ASL_LEVEL_ERR,
"failed to get cert buffer.\n");
goto err;
}
cert->cert.v = cert->pl->v + 1;
cert->cert.l = cert->pl->l - 1;
- plog(LLV_DEBUG, LOCATION, NULL, "created CERT payload:\n");
- plogdump(LLV_DEBUG, cert->pl->v, cert->pl->l);
+ plog(ASL_LEVEL_DEBUG, "created CERT payload:\n");
end:
if (res)
err:
if (name)
racoon_free(name);
- if (cert)
+ if (cert) {
oakley_delcert(cert);
+ cert = NULL;
+ }
+
goto end;
}
+
+#endif /* ENABLE_DNSSEC_CERTS */