diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-06-23 23:13:50 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-06-28 09:28:43 +0200 |
commit | 14f13a25c8ec9fb31f3a6b4971c73c48d39f5b45 (patch) | |
tree | 26ddde4d29ac05a8ff830f1310f672bffdf94dc9 | |
parent | 5b3dbb3422aeaec19f284624fcea97bc8e0a0d11 (diff) | |
download | gnutls-14f13a25c8ec9fb31f3a6b4971c73c48d39f5b45.tar.gz |
gnutls_pkcs11_crt_is_known: always assume GNUTLS_PKCS11_OBJ_FLAG_COMPARE unless GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED is given
-rw-r--r-- | lib/pkcs11.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/pkcs11.c b/lib/pkcs11.c index 50d0621ce9..4210bdc877 100644 --- a/lib/pkcs11.c +++ b/lib/pkcs11.c @@ -3993,10 +3993,10 @@ int gnutls_pkcs11_crt_is_known(const char *url, gnutls_x509_crt_t cert, priv.issuer_dn.data = cert->raw_issuer_dn.data; priv.issuer_dn.size = cert->raw_issuer_dn.size; - /* when looking for a trusted certificate, we always fully compare - * with the given */ - if (flags & GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED && !(flags & GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY)) + /* assume PKCS11_OBJ_FLAG_COMPARE everywhere but DISTRUST info */ + if (!(flags & GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED) && !(flags & GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY)) { flags |= GNUTLS_PKCS11_OBJ_FLAG_COMPARE; + } priv.flags = flags; |