diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-03-07 10:23:21 +0100 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-05-11 22:21:29 +0200 |
| commit | a2c2560e555a71dbbf0d0973b2946031816b103a (patch) | |
| tree | 5c917137b547b6d36ca33c92fb0dfbdeadad3da1 | |
| parent | 66a2d447c3e96e928cde36e1dfd13a4ec9846d90 (diff) | |
| download | gnutls-a2c2560e555a71dbbf0d0973b2946031816b103a.tar.gz | |
Optimized the check_if_same().
| -rw-r--r-- | lib/x509/verify.c | 29 |
1 files changed, 26 insertions, 3 deletions
diff --git a/lib/x509/verify.c b/lib/x509/verify.c index 856fdd1db7..569f4a45fd 100644 --- a/lib/x509/verify.c +++ b/lib/x509/verify.c @@ -53,15 +53,38 @@ static int _gnutls_verify_crl2 (gnutls_x509_crl_t crl, int tcas_size, unsigned int flags, unsigned int *output); -/* Checks if two certs are identical. Return 0 onn match. */ +/* Checks if two certs are identical. Return 0 on match. */ static int check_if_same_cert (gnutls_x509_crt_t cert1, gnutls_x509_crt_t cert2) { gnutls_datum_t cert1bin = { NULL, 0 }, cert2bin = - { - NULL, 0}; + {NULL, 0}; int result; + opaque serial1[128], serial2[128]; + size_t serial1_size, serial2_size; + + serial1_size = sizeof (serial1); + result = gnutls_x509_crt_get_serial (cert1, serial1, &serial1_size); + if (result < 0) + { + gnutls_assert (); + goto cmp; + } + + serial2_size = sizeof (serial2); + result = gnutls_x509_crt_get_serial (cert2, serial2, &serial2_size); + if (result < 0) + { + gnutls_assert (); + goto cmp; + } + + if (serial2_size != serial1_size || memcmp(serial1, serial2, serial1_size) != 0) + { + return 1; + } +cmp: result = _gnutls_x509_der_encode (cert1->cert, "", &cert1bin, 0); if (result < 0) { |