X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Fcrypto%2FsslUtil.h;h=079989939a5e3829dabb6e90ffbf6b993bc58815;hb=160ba9d844500d1e553a0dab21a4a2a7fabc60d5;hp=1327a17bd47367dd0113ce8dec984e1ca93ccb27;hpb=f69f31caeda734d6d9c8ab00e693671ac7512bea;p=cassiopeia.git diff --git a/src/crypto/sslUtil.h b/src/crypto/sslUtil.h index 1327a17..0799899 100644 --- a/src/crypto/sslUtil.h +++ b/src/crypto/sslUtil.h @@ -10,15 +10,18 @@ #include "db/database.h" -class CAConfig { -public: +struct CAConfig { std::string path; std::string name; + std::string crlURL; + std::string crtURL; std::shared_ptr ca; std::shared_ptr caKey; std::shared_ptr notBefore; + CAConfig( const std::string& name ); + bool crlNeedsResign(); }; @@ -31,13 +34,20 @@ struct Profile { std::vector> ca; std::time_t maxValidity; std::shared_ptr getCA() { + std::shared_ptr min = nullptr; for( auto it = ca.rbegin(); it != ca.rend(); it++ ) { - if( X509_cmp_current_time( ( *it )->notBefore.get() ) < 0 ) { - return *it; + if( X509_cmp_current_time( ( *it )->notBefore.get() ) < 0) { + if(min != nullptr){ + if(strcmp(min->name.c_str(), (*it)->name.c_str()) < 0){ + min = *it; + } + }else{ + min=*it; + } } } - return ca[0]; + return min ? min : ca[0]; } }; @@ -49,4 +59,5 @@ std::shared_ptr loadPkeyFromFile( const std::string& filename ); std::shared_ptr generateSSLContext( bool server ); std::shared_ptr openSerial( const std::string& name ); std::string timeToString( std::shared_ptr time ); + void extractTimes( std::shared_ptr source, std::shared_ptr cert );
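Review bot: The constructor added in the first hunk, `CAConfig( const std::string& name );`, takes a single argument and is not `explicit`, so any `std::string` converts silently into a `CAConfig`. For a type that carries `caKey`, an accidental conversion would presumably load CA material for an arbitrary name (the definition is not in this diff, so confirm); `explicit CAConfig( const std::string& name );` rules that out. The parameter also shadows the member `name`, so the definition has to use a member-initializer list or `this->name`. The new `crlURL` and `crtURL` fields deserve a one-line comment each saying what they point at and where the value comes from, since the diff does not show their use.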
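Review bot: In `getCA()` (second hunk) the fallback `return min ? min : ca[0];` still indexes `ca` unchecked: with an empty `ca` it is out of bounds, and when no entry has passed its `notBefore` it hands back a CA that is not yet valid for signing. A guard such as `if( ca.empty() ) { return nullptr; }` before the loop would at least remove the undefined behaviour; whether callers tolerate a null result is not visible here. The selection keeps the entry with the greatest `name` although the variable is called `min`, and it goes through `strcmp` on `c_str()`; `if( !min || min->name < ( *it )->name ) { min = *it; }` expresses the same choice in one condition without needing `<cstring>`. Because the signing CA now depends on the string ordering of names, a comment stating the naming convention this relies on would help. `struct Profile` opens before this hunk.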