author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-07-28 10:51:40 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-07-28 10:51:43 +0200 |
commit | 51260a9ccd192626b56c52842384a5af86f184a9 (patch) | |
tree | f4b8823cec1aaa84d7aaa1fe93cfec3c44965e61 | |
parent | 41a03b9b9b7fb83ac7668c80e4bb9c9641ed76d5 (diff) | |
download | gnutls-51260a9ccd192626b56c52842384a5af86f184a9.tar.gz |
gnutls_certificate_get_peers may return an unsorted list
-rw-r--r-- | lib/cert-session.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/lib/cert-session.c b/lib/cert-session.c index fbbac35d20..19c84e5f1e 100644 --- a/lib/cert-session.c +++ b/lib/cert-session.c @@ -76,9 +76,12 @@ const gnutls_datum_t *gnutls_certificate_get_ours(gnutls_session_t session) * * Get the peer's raw certificate (chain) as sent by the peer. These * certificates are in raw format (DER encoded for X.509). In case of - * a X.509 then a certificate list may be present. The first - * certificate in the list is the peer's certificate, following the - * issuer's certificate, then the issuer's issuer etc. + * a X.509 then a certificate list may be present. The list + * is provided as sent by the server; the server must send as first + * certificate in the list its own certificate, following the + * issuer's certificate, then the issuer's issuer etc. However, there + * are servers which violate this principle and thus on certain + * occasions this may be an unsorted list. * * In case of OpenPGP keys a single key will be returned in raw * format. |
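Review bot: The new comment text says "as sent by the server" and "the server must send", while the unchanged opening sentence of the same comment says the chain is "as sent by the peer". If this function is also used on a session where the peer is a client, the wording is misleading; suggest "peer" throughout, e.g. "The list is provided as sent by the peer; the peer must send as first certificate in the list its own certificate". The added sentence also leaves open what a caller can still rely on when the list is unsorted, in particular whether the first element is still the peer's own certificate. Callers that take element 0 as the end-entity certificate need that stated explicitly, along with a recommendation to identify or sort the chain themselves before using positions in it. Minor: "In case of a X.509 then a certificate list may be present" on the context line would read better as "In the case of X.509, a certificate list may be present" if the paragraph is being reworded anyway.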