verify_crt: translate GNUTLS_E_CONSTRAINT_ERROR to verification status flag

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-07-26 17:51:00 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-08-04 09:38:27 +0200
commit: 76c60b70d3904db31e6c4ae980c7f704a10500a5 (patch)
tree: 34168489d9e02f3ed915255e6497a3793cc7a7b9 /lib
parent: c11cc4cf99b2003bf8173e42339585477f1ce01d (diff)
download: gnutls-76c60b70d3904db31e6c4ae980c7f704a10500a5.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index 8e1d552209..2ccc33ecd2 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -751,6 +751,8 @@ verify_crt(gnutls_x509_crt_t cert,
 
 			if (ret == GNUTLS_E_PK_SIG_VERIFY_FAILED) {
 				MARK_INVALID(GNUTLS_CERT_SIGNATURE_FAILURE);
+			} else if (ret == GNUTLS_E_CONSTRAINT_ERROR) {
+				MARK_INVALID(GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE);
 			} else if (ret < 0) {
 				MARK_INVALID(0);
 			}
@@ -1640,6 +1642,10 @@ gnutls_x509_crl_verify(gnutls_x509_crl_t crl,
 			if (verify)
 				*verify |= GNUTLS_CERT_SIGNATURE_FAILURE;
 			result = 0;
+		} else if (result == GNUTLS_E_CONSTRAINT_ERROR) {
+			if (verify)
+				*verify |= GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE;
+			result = 0;
 		} else if (result < 0) {
 			gnutls_assert();
 			if (verify)
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-07-26 17:51:00 +0200
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-08-04 09:38:27 +0200
commit	76c60b70d3904db31e6c4ae980c7f704a10500a5 (patch)
tree	34168489d9e02f3ed915255e6497a3793cc7a7b9 /lib
parent	c11cc4cf99b2003bf8173e42339585477f1ce01d (diff)
download	gnutls-76c60b70d3904db31e6c4ae980c7f704a10500a5.tar.gz