[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_9-153-gfe2189b
From: |
Nikos Mavrogiannopoulos |
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_9-153-gfe2189b |
Date: |
Sun, 07 Mar 2010 09:34:04 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=fe2189bf85e8a5d494cd3ee63280aeeedd5503e5
The branch, master has been updated
via fe2189bf85e8a5d494cd3ee63280aeeedd5503e5 (commit)
from efd78dbd4d5b856b8c609e308e5cce939917218f (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit fe2189bf85e8a5d494cd3ee63280aeeedd5503e5
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sun Mar 7 10:33:07 2010 +0100
Removed artificial constrained that prevented end-user certificates,
being added to the trusted list, treated as trusted. Suggestion and patch
by Tomas Mraz.
-----------------------------------------------------------------------
Summary of changes:
lib/x509/verify.c | 11 ++++++++---
1 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index b1fb97c..a464596 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -440,10 +440,10 @@ _gnutls_x509_verify_certificate (const gnutls_x509_crt_t
* certificate_list,
* one of the certs we trust and all the certs after that i.e. if
* cert chain is A signed-by B signed-by C signed-by D (signed-by
* self-signed E but already removed above), and we trust B, remove
- * B, C and D. We must leave the first cert on chain. */
- if (clist_size > 1 && !(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME))
+ * B, C and D. */
+ if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME))
{
- for (i = 1; i < clist_size; i++)
+ for (i = 0; i < clist_size; i++)
{
int j;
@@ -460,6 +460,11 @@ _gnutls_x509_verify_certificate (const gnutls_x509_crt_t *
certificate_list,
}
}
+ if (clist_size == 0)
+ /* The certificate is already present in the trusted certificate list.
+ * Nothing to verify. */
+ return status;
+
/* Verify the last certificate in the certificate path
* against the trusted CA certificate list.
*
hooks/post-receive
--
GNU gnutls
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_2_9_9-153-gfe2189b,
Nikos Mavrogiannopoulos <=