-rw-r--r-- | lib/x509/x509.c | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index efc39ed2c3..ad73bce591 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -189,7 +189,7 @@ gnutls_x509_crt_import(gnutls_x509_crt_t cert,
 gnutls_x509_crt_fmt_t format)
 {
 int result = 0;
- int version;
+ int version, s2;
 
 if (cert == NULL) {
 gnutls_assert();
@@ -250,6 +250,23 @@ gnutls_x509_crt_import(gnutls_x509_crt_t cert,
 goto cleanup;
 }
 
+ result = _gnutls_x509_get_signature_algorithm(cert->cert,
+ "signatureAlgorithm.algorithm");
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ s2 = _gnutls_x509_get_signature_algorithm(cert->cert,
+ "tbsCertificate.signature.algorithm");
+ if (result != s2) {
+ _gnutls_debug_log("signatureAlgorithm.algorithm differs from tbsCertificate.signature.algorithm: %s, %s\n",
+ gnutls_sign_get_name(result), gnutls_sign_get_name(s2));
+ gnutls_assert();
+ result = GNUTLS_E_CERTIFICATE_ERROR;
+ goto cleanup;
+ }
+
 result = _gnutls_x509_get_raw_field2(cert->cert, &cert->der,
 "tbsCertificate.issuer.rdnSequence",
 &cert->raw_issuer_dn); |
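Review bot: In the second hunk, `s2` is compared against `result` without first being checked for an error, unlike `result` a few lines above it. If `_gnutls_x509_get_signature_algorithm()` fails on `tbsCertificate.signature.algorithm`, the import still fails closed, but the real error code is replaced by `GNUTLS_E_CERTIFICATE_ERROR` and a negative value is passed to `gnutls_sign_get_name()`, whose return then goes to `%s`; adding `if (s2 < 0) { gnutls_assert(); result = s2; goto cleanup; }` before the comparison keeps the two failure paths apart. The check also compares mapped algorithm identifiers rather than the encoded fields: if the helper maps every unrecognised OID to the same value (its body is not shown here), two different unknown OIDs would compare equal, and the `parameters` members of the two AlgorithmIdentifiers are not compared at all. The body of `gnutls_x509_crt_import` continues outside the hunk, so any later handling of these fields is not visible from here.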