diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-07-26 17:51:00 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-08-04 09:38:27 +0200 |
commit | 76c60b70d3904db31e6c4ae980c7f704a10500a5 (patch) | |
tree | 34168489d9e02f3ed915255e6497a3793cc7a7b9 /lib | |
parent | c11cc4cf99b2003bf8173e42339585477f1ce01d (diff) | |
download | gnutls-76c60b70d3904db31e6c4ae980c7f704a10500a5.tar.gz |
verify_crt: translate GNUTLS_E_CONSTRAINT_ERROR to verification status flag
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/x509/verify.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/x509/verify.c b/lib/x509/verify.c index 8e1d552209..2ccc33ecd2 100644 --- a/lib/x509/verify.c +++ b/lib/x509/verify.c @@ -751,6 +751,8 @@ verify_crt(gnutls_x509_crt_t cert, if (ret == GNUTLS_E_PK_SIG_VERIFY_FAILED) { MARK_INVALID(GNUTLS_CERT_SIGNATURE_FAILURE); + } else if (ret == GNUTLS_E_CONSTRAINT_ERROR) { + MARK_INVALID(GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE); } else if (ret < 0) { MARK_INVALID(0); } @@ -1640,6 +1642,10 @@ gnutls_x509_crl_verify(gnutls_x509_crl_t crl, if (verify) *verify |= GNUTLS_CERT_SIGNATURE_FAILURE; result = 0; + } else if (result == GNUTLS_E_CONSTRAINT_ERROR) { + if (verify) + *verify |= GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE; + result = 0; } else if (result < 0) { gnutls_assert(); if (verify) |