mirror of
https://gitlab.gnome.org/GNOME/glib.git
synced 2024-12-25 15:06:14 +01:00
GTlsCertificate: fix loading of bad certificate chains
g_tls_certificate_new_from_file() was only loading the complete chain if it was fully valid, but we only meant to be validating that it formed an actual chain (since the caller may be planning to ignore other errors). https://bugzilla.gnome.org/show_bug.cgi?id=729739
parent
0728e62be8
commit
982d0e11d7
@ -387,14 +387,14 @@ create_certificate_chain_from_list (GSList *pem_list,
|
||||
pem = g_slist_next (pem);
|
||||
}
|
||||
|
||||
/* Verify the certificate chain and return NULL if it doesn't
|
||||
* verify. */
|
||||
/* Verify that the certificates form a chain. (We don't care at this
|
||||
* point if there are other problems with it.)
|
||||
*/
|
||||
flags = g_tls_certificate_verify (cert, NULL, root);
|
||||
if (flags)
|
||||
if (flags & G_TLS_CERTIFICATE_UNKNOWN_CA)
|
||||
{
|
||||
/* Couldn't verify the certificate chain, so unref it. */
|
||||
g_object_unref (cert);
|
||||
cert = NULL;
|
||||
/* It wasn't a chain, it's just a bunch of unrelated certs. */
|
||||
g_clear_object (&cert);
|
||||
}
|
||||
|
||||
return cert;
|
||||
|
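Review bot: The new test `if (flags & G_TLS_CERTIFICATE_UNKNOWN_CA)` assumes that g_tls_certificate_verify() reports every applicable flag, so that a broken chain always shows up as UNKNOWN_CA even when the certificates are also expired or otherwise bad. If a TLS backend reports only the first problem it finds, a bundle of unrelated certificates could be returned as if it were a chain. Consider failing closed on the ambiguous case as well, `if (flags & (G_TLS_CERTIFICATE_UNKNOWN_CA | G_TLS_CERTIFICATE_GENERIC_ERROR))`, or at least state the assumption in the comment. Because a non-NULL return no longer means the chain verified, the comment should also say so for callers, e.g. `/* NOTE: the returned chain may still be expired, revoked or otherwise invalid; callers must verify it before trusting it. */`. The body of create_certificate_chain_from_list starts outside the hunk, so how `root` is chosen is not visible here.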