forked from pool/gnutls
41 lines
1.3 KiB
Diff
41 lines
1.3 KiB
Diff
|
Index: gnutls/lib/x509/verify.c
|
||
|
|
===================================================================
|
||
|
|
--- gnutls/lib/x509/verify.c 2008-11-10 10:58:33.000000000 +0100
|
||
|
|
+++ gnutls/lib/x509/verify.c 2008-11-10 10:58:41.000000000 +0100
|
||
|
|
@@ -374,6 +374,17 @@
|
||
|
|
int i = 0, ret;
|
||
|
|
unsigned int status = 0, output;
|
||
|
|
|
||
|
|
+ /* Check if the last certificate in the path is self signed.
|
||
|
|
+ * In that case ignore it (a certificate is trusted only if it
|
||
|
|
+ * leads to a trusted party by us, not the server's).
|
||
|
|
+ */
|
||
|
|
+ if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1],
|
||
|
|
+ certificate_list[clist_size - 1]) > 0
|
||
|
|
+ && clist_size > 0)
|
||
|
|
+ {
|
||
|
|
+ clist_size--;
|
||
|
|
+ }
|
||
|
|
+
|
||
|
|
/* Verify the last certificate in the certificate path
|
||
|
|
* against the trusted CA certificate list.
|
||
|
|
*
|
||
|
|
@@ -412,17 +423,6 @@
|
||
|
|
}
|
||
|
|
#endif
|
||
|
|
|
||
|
|
- /* Check if the last certificate in the path is self signed.
|
||
|
|
- * In that case ignore it (a certificate is trusted only if it
|
||
|
|
- * leads to a trusted party by us, not the server's).
|
||
|
|
- */
|
||
|
|
- if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1],
|
||
|
|
- certificate_list[clist_size - 1]) > 0
|
||
|
|
- && clist_size > 0)
|
||
|
|
- {
|
||
|
|
- clist_size--;
|
||
|
|
- }
|
||
|
|
-
|
||
|
|
/* Verify the certificate path (chain)
|
||
|
|
*/
|
||
|
|
for (i = clist_size - 1; i > 0; i--)
|