diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-06-23 23:13:50 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-06-28 09:32:49 +0200 |
| commit | b04384a9f890aae2e842e113675a1eedad8e9d14 (patch) | |
| tree | 1994805d9c6264f591d5a0d9e55929c331fe9650 | |
| parent | af914f737edd8f68bd57b33e123731728941eebf (diff) | |
| download | gnutls-b04384a9f890aae2e842e113675a1eedad8e9d14.tar.gz | |
gnutls_pkcs11_crt_is_known: always assume GNUTLS_PKCS11_OBJ_FLAG_COMPARE unless GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED is given
| -rw-r--r-- | lib/pkcs11.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/pkcs11.c b/lib/pkcs11.c index e0c18197d9..ebc1e36364 100644 --- a/lib/pkcs11.c +++ b/lib/pkcs11.c @@ -3591,10 +3591,10 @@ int gnutls_pkcs11_crt_is_known(const char *url, gnutls_x509_crt_t cert, priv.issuer_dn.data = cert->raw_issuer_dn.data; priv.issuer_dn.size = cert->raw_issuer_dn.size; - /* when looking for a trusted certificate, we always fully compare - * with the given */ - if (flags & GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED && !(flags & GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY)) + /* assume PKCS11_OBJ_FLAG_COMPARE everywhere but DISTRUST info */ + if (!(flags & GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED) && !(flags & GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY)) { flags |= GNUTLS_PKCS11_OBJ_FLAG_COMPARE; + } priv.flags = flags; |