[SCM] GNU gnutls branch, master, updated. gnutls_2_9_10-250-g0c40916
From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_2_9_10-250-g0c40916
Date: Mon, 21 Jun 2010 16:44:28 +0000
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=0c40916fcca747d36d9c519990d146131d5e958a
The branch, master has been updated
via 0c40916fcca747d36d9c519990d146131d5e958a (commit)
from ff5af7914cf86ed4079996f596c26a19e551afc5 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 0c40916fcca747d36d9c519990d146131d5e958a
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Mon Jun 21 18:42:09 2010 +0200
When verifying certificates use the same algorithm whether the DO_NOT_ALLOW_SAME
flag is set or not. Before we were shortening certificate list if the flag was not
set by the size of the first certificate found in the trusted list, and keep the
list intact otherwise. Now we shorten the list in the latter case as well, except
for the first certificate.
-----------------------------------------------------------------------
Summary of changes:
lib/x509/verify.c | 36 +++++++++++++++++++-----------------
1 files changed, 19 insertions(+), 17 deletions(-)
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index 8efc3a4..9c047cc 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -496,34 +496,36 @@ _gnutls_x509_verify_certificate (const gnutls_x509_crt_t
* certificate_list,
* self-signed E but already removed above), and we trust B, remove
* B, C and D. */
if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME))
+ i = 0; /* also replace the first one */
+ else
+ i = 1; /* do not replace the first one */
+
+ for (; i < clist_size; i++)
{
- for (i = 0; i < clist_size; i++)
- {
- int j;
+ int j;
- for (j = 0; j < tcas_size; j++)
- {
- if (check_if_same_cert (certificate_list[i],
+ for (j = 0; j < tcas_size; j++)
+ {
+ if (check_if_same_cert (certificate_list[i],
trusted_cas[j]) == 0)
- {
- /* explicity time check for trusted CA that we remove from
- * list. GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS
- */
- if (!(flags & GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS)
+ {
+ /* explicity time check for trusted CA that we remove from
+ * list. GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS
+ */
+ if (!(flags & GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS)
&& !(flags & GNUTLS_VERIFY_DISABLE_TIME_CHECKS))
- {
+ {
status |= check_time (trusted_cas[j], now);
if (status != 0)
{
return status;
}
- }
- clist_size = i;
- break;
}
+ clist_size = i;
+ break;
}
- /* clist_size may have been changed which gets out of loop */
- }
+ }
+ /* clist_size may have been changed which gets out of loop */
}
if (clist_size == 0)
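Review bot: The `i = 1` branch at the top of the hunk changes what a caller gets with GNUTLS_VERIFY_DO_NOT_ALLOW_SAME set, and neither the block comment above the `if` (the one ending "remove B, C and D") nor the two new one-line comments say so. Certificates from index 1 onward are now matched against trusted_cas and the list is cut at the first match, which also brings the `check_time (trusted_cas[j], now)` early return into that mode, where previously the loop was skipped entirely. Please extend the block comment to state that the first certificate is exempt from matching when the flag is set, and consider noting the change in the flag's documentation. A test with the flag set and a chain whose second certificate is in the trusted list would pin the new truncation down, alongside the flag-unset case where `clist_size` drops to 0 and falls into the `if (clist_size == 0)` check that follows. Minor: "explicity" in the carried-over comment should read "explicitly".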
hooks/post-receive
--
GNU gnutls