ipsec-317.220.1.tar.gz
[apple/ipsec.git] / ipsec-tools / racoon / dnssec.c
index 2f1dc258e752a2e27991afa00d628ba5199689bd..f2b4d2cd0993ea554759b7ee3e5a4dd1e6df1ebc 100644 (file)
@@ -1,3 +1,5 @@
+/*     $NetBSD: dnssec.c,v 1.4 2006/09/09 16:22:09 manu Exp $  */
+
 /*     $KAME: dnssec.c,v 1.2 2001/08/05 18:46:07 itojun Exp $  */
 
 /*
@@ -31,6 +33,8 @@
 
 #include "config.h"
 
+#if ENABLE_DNSSEC_CERTS
+
 #include <sys/types.h>
 #include <sys/param.h>
 #include <stdlib.h>
@@ -65,12 +69,12 @@ dnssec_getcert(id)
        int namelen;
        int error;
 
-       id_b = (struct ipsecdoi_id_b *)id->v;
+       id_b = ALIGNED_CAST(struct ipsecdoi_id_b *)id->v;
 
        namelen = id->l - sizeof(*id_b);
        name = racoon_malloc(namelen + 1);
        if (!name) {
-               plog(LLV_ERROR, LOCATION, NULL,
+               plog(ASL_LEVEL_ERR, 
                        "failed to get buffer.\n");
                return NULL;
        }
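Review bot: `namelen = id->l - sizeof(*id_b)` is computed without checking that the ID payload is at least as long as its header, so a short `id` yields a negative `namelen` and `racoon_malloc(namelen + 1)` is called with a zero or wrapped size. The ID presumably originates from the IKE peer, so the length should be rejected before the cast, e.g. `if (id->l < sizeof(struct ipsecdoi_id_b)) return NULL;`. Judging by its name, `ALIGNED_CAST` only concerns the pointer alignment of the cast and does not validate length. `dnssec_getcert` begins before this hunk and continues past it, so the later uses of `namelen` are not visible here.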
@@ -81,7 +85,7 @@ dnssec_getcert(id)
        case IPSECDOI_ID_FQDN:
                error = getcertsbyname(name, &res);
                if (error != 0) {
-                       plog(LLV_ERROR, LOCATION, NULL,
+                       plog(ASL_LEVEL_ERR, 
                                "getcertsbyname(\"%s\") failed.\n", name);
                        goto err;
                }
@@ -90,16 +94,16 @@ dnssec_getcert(id)
        case IPSECDOI_ID_IPV6_ADDR:
                /* XXX should be processed to query PTR ? */
        default:
-               plog(LLV_ERROR, LOCATION, NULL,
+               plog(ASL_LEVEL_ERR, 
                        "impropper ID type passed %s "
                        "though getcert method is dnssec.\n",
                        s_ipsecdoi_ident(id_b->type));
-               return NULL;
+               goto err;
        }
 
        /* check response */
        if (res->ci_next != NULL) {
-               plog(LLV_WARNING, LOCATION, NULL,
+               plog(ASL_LEVEL_WARNING, 
                        "not supported multiple CERT RR.\n");
        }
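Review bot: `res->ci_next` is dereferenced under `/* check response */` with only the return code of `getcertsbyname()` having been tested in the previous hunk. If that function can return 0 while leaving `res` NULL (its body is not on this page, so this is unconfirmed), a DNS answer with no usable CERT record would crash the daemon here. A guard such as `if (res == NULL) goto err;` before the `ci_next` test would make the assumption explicit. The enclosing function starts and ends outside this hunk.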
        switch (res->ci_type) {
@@ -108,7 +112,7 @@ dnssec_getcert(id)
                type = ISAKMP_CERT_X509SIGN;
                break;
        default:
-               plog(LLV_ERROR, LOCATION, NULL,
+               plog(ASL_LEVEL_ERR, 
                        "not supported CERT RR type %d.\n", res->ci_type);
                goto err;
        }
@@ -116,13 +120,13 @@ dnssec_getcert(id)
        /* create cert holder */
        cert = oakley_newcert();
        if (cert == NULL) {
-               plog(LLV_ERROR, LOCATION, NULL,
+               plog(ASL_LEVEL_ERR, 
                        "failed to get cert buffer.\n");
                goto err;
        }
        cert->pl = vmalloc(res->ci_certlen + 1);
        if (cert->pl == NULL) {
-               plog(LLV_ERROR, LOCATION, NULL,
+               plog(ASL_LEVEL_ERR, 
                        "failed to get cert buffer.\n");
                goto err;
        }
@@ -131,8 +135,7 @@ dnssec_getcert(id)
        cert->cert.v = cert->pl->v + 1;
        cert->cert.l = cert->pl->l - 1;
 
-       plog(LLV_DEBUG, LOCATION, NULL, "created CERT payload:\n");
-       plogdump(LLV_DEBUG, cert->pl->v, cert->pl->l);
+       plog(ASL_LEVEL_DEBUG, "created CERT payload:\n");
 
 end:
        if (res)
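Review bot: The debug message `"created CERT payload:\n"` still ends in a colon although the `plogdump` that used to follow it was removed, so the log line now announces output that never appears. Dropping the dump keeps certificate bytes out of the log, and the message should match: `plog(ASL_LEVEL_DEBUG, "created CERT payload.\n");`.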
@@ -143,7 +146,12 @@ end:
 err:
        if (name)
                racoon_free(name);
-       if (cert)
+       if (cert) {
                oakley_delcert(cert);
+               cert = NULL;
+       }
+
        goto end;
 }
+
+#endif /* ENABLE_DNSSEC_CERTS */
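Review bot: `name` is released only under `err:`, so unless the few lines between `end:` and `err:` (not shown in these hunks) free it, every successful lookup leaks the buffer allocated by `racoon_malloc(namelen + 1)`. Since `err:` already jumps to `end:`, moving the release there covers both paths: `if (name) racoon_free(name);` placed next to the `if (res)` cleanup. In a long-running IKE daemon a per-negotiation leak driven by peer-supplied IDs is worth closing.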