diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2014-09-13 10:34:29 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2014-09-13 10:34:29 +0200 |
commit | 1e7120bfebece42dd1938064b696d6a5fdc506ff (patch) | |
tree | aeafcf02f17aa34b65f3d4168c0f86d02c6abf30 /lib/x509/verify.c | |
parent | d2b207fd10d82f2fcabd157b401386d96895ffa0 (diff) | |
download | gnutls-1e7120bfebece42dd1938064b696d6a5fdc506ff.tar.gz |
gnutls_x509_crl_verify: do not always set the invalid status
Reported by Armin Burgmeier.
Diffstat (limited to 'lib/x509/verify.c')
-rw-r--r-- | lib/x509/verify.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/lib/x509/verify.c b/lib/x509/verify.c index 81b9b4d3e4..030297318a 100644 --- a/lib/x509/verify.c +++ b/lib/x509/verify.c @@ -1446,6 +1446,8 @@ gnutls_x509_crl_verify(gnutls_x509_crl_t crl, &crl_signed_data); if (result < 0) { gnutls_assert(); + if (verify) + *verify |= GNUTLS_CERT_INVALID; goto cleanup; } @@ -1454,6 +1456,8 @@ gnutls_x509_crl_verify(gnutls_x509_crl_t crl, &crl_signature); if (result < 0) { gnutls_assert(); + if (verify) + *verify |= GNUTLS_CERT_INVALID; goto cleanup; } @@ -1462,6 +1466,8 @@ gnutls_x509_crl_verify(gnutls_x509_crl_t crl, "signatureAlgorithm.algorithm"); if (result < 0) { gnutls_assert(); + if (verify) + *verify |= GNUTLS_CERT_INVALID; goto cleanup; } @@ -1479,6 +1485,8 @@ gnutls_x509_crl_verify(gnutls_x509_crl_t crl, result = 0; } else if (result < 0) { gnutls_assert(); + if (verify) + *verify |= GNUTLS_CERT_INVALID; goto cleanup; } @@ -1505,7 +1513,7 @@ gnutls_x509_crl_verify(gnutls_x509_crl_t crl, cleanup: - if (verify) + if (verify && *verify != 0) *verify |= GNUTLS_CERT_INVALID; _gnutls_free_datum(&crl_signed_data); |