-rw-r--r--lib/auto-verify.c11
-rw-r--r--lib/cert.c2
-rw-r--r--lib/gnutls_int.h4
-rw-r--r--lib/priority.c5
-rw-r--r--lib/x509.c3
5 files changed, 18 insertions, 7 deletions
diff --git a/lib/auto-verify.c b/lib/auto-verify.c
index f2dae0d6df..eb818b0b53 100644
--- a/lib/auto-verify.c
+++ b/lib/auto-verify.c
@@ -57,7 +57,7 @@ static int auto_verify_cb(gnutls_session_t session)
* gnutls_session_auto_verify_cert:
* @session: is a gnutls session
* @hostname: is the expected name of the peer; may be %NULL
- * @flags: should be zero
+ * @flags: flags for certificate verification -- #gnutls_certificate_verify_flags
*
* This function instructs GnuTLS to verify the peer's certificate
* using the provided hostname. If the verification fails the handshake
@@ -86,6 +86,9 @@ void gnutls_session_auto_verify_cert(gnutls_session_t session,
session->internals.vc_elements = 0;
}
+ if (flags)
+ session->internals.additional_verify_flags |= flags;
+
gnutls_session_set_verify_function(session, auto_verify_cb);
}
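Review bot: The new `session->internals.additional_verify_flags |= flags;` only ever adds bits, so a later call to gnutls_session_auto_verify_cert() with `flags` of 0 leaves earlier flags in force for the rest of the session; the identical addition in gnutls_session_auto_verify_cert2() behaves the same way. Many #gnutls_certificate_verify_flags values relax checks, so the `@flags` doc line should state this, e.g. `@flags: flags for certificate verification -- #gnutls_certificate_verify_flags; they are added to the flags already set on the session and are not cleared by later calls`. The `if (flags)` guard is redundant, since OR-ing zero is a no-op. Both function bodies start outside their hunks.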
@@ -94,7 +97,7 @@ void gnutls_session_auto_verify_cert(gnutls_session_t session,
* @session: is a gnutls session
* @data: an array of typed data
* @elements: the number of data elements
- * @flags: should be zero
+ * @flags: flags for certificate verification -- #gnutls_certificate_verify_flags
*
* This function instructs GnuTLS to verify the peer's certificate
* using the provided typed data information. If the verification fails the handshake
@@ -113,6 +116,10 @@ void gnutls_session_auto_verify_cert2(gnutls_session_t session,
{
session->internals.vc_data = data;
session->internals.vc_elements = elements;
+
+ if (flags)
+ session->internals.additional_verify_flags |= flags;
+
gnutls_session_set_verify_function(session, auto_verify_cb);
}
diff --git a/lib/cert.c b/lib/cert.c
index 36f87adaf2..fb01d1b994 100644
--- a/lib/cert.c
+++ b/lib/cert.c
@@ -542,7 +542,7 @@ _gnutls_openpgp_crt_verify_peers(gnutls_session_t session,
return GNUTLS_E_NO_CERTIFICATE_FOUND;
}
- verify_flags = cred->verify_flags | session->internals.priorities.additional_verify_flags;
+ verify_flags = cred->verify_flags | session->internals.additional_verify_flags;
/* generate a list of gnutls_certs based on the auth info
* raw certs.
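Review bot: Only this reader and the one in _gnutls_x509_cert_verify_peers() (lib/x509.c) are switched to `session->internals.additional_verify_flags`; any other code that still reads `session->internals.priorities.additional_verify_flags` would ignore flags passed through the auto-verify functions. That field appears to remain in the priority structure (lib/priority.c reads `priority->additional_verify_flags`), so it is worth checking lib/ for remaining readers. A comment next to the priority field, saying that verification code must use the session-level copy, would prevent new ones. The function body starts and ends outside the hunk.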
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 8c38cc85f5..49dcd575f3 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -1,5 +1,6 @@
/*
- * Copyright (C) 2000-2012 Free Software Foundation, Inc.
+ * Copyright (C) 2000-2015 Free Software Foundation, Inc.
+ * Copyright (C) 2015 Red Hat, Inc.
*
* Author: Nikos Mavrogiannopoulos
*
@@ -1005,6 +1006,7 @@ typedef struct {
gnutls_typed_vdata_st vc_sdata;
unsigned vc_elements;
unsigned vc_status;
+ unsigned int additional_verify_flags; /* may be set by priorities or the vc functions */
/* whether this session uses non-blocking sockets */
bool blocking;
diff --git a/lib/priority.c b/lib/priority.c
index ee158a5f13..51f46e3324 100644
--- a/lib/priority.c
+++ b/lib/priority.c
@@ -1,5 +1,6 @@
/*
- * Copyright (C) 2004-2012 Free Software Foundation, Inc.
+ * Copyright (C) 2004-2015 Free Software Foundation, Inc.
+ * Copyright (C) 2015 Red Hat, Inc.
*
* Author: Nikos Mavrogiannopoulos
*
@@ -534,6 +535,8 @@ gnutls_priority_set(gnutls_session_t session, gnutls_priority_t priority)
session->internals.priorities.compression.algorithms == 0)
return gnutls_assert_val(GNUTLS_E_NO_PRIORITIES_WERE_SET);
+ session->internals.additional_verify_flags |= priority->additional_verify_flags;
+
return 0;
}
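Review bot: `session->internals.additional_verify_flags |= priority->additional_verify_flags;` makes priority-derived verification flags sticky across calls. Before this commit the verify paths read `session->internals.priorities.additional_verify_flags`, which presumably reflected only the most recently set priority; now a relaxing flag from an earlier gnutls_priority_set() call survives a later call with a stricter priority. If that is intended, say so in the function's documentation. If not, drop this line and combine the two sources at verification time in the callers, e.g. `verify_flags = cred->verify_flags | session->internals.priorities.additional_verify_flags | session->internals.additional_verify_flags;`. The body of gnutls_priority_set() starts outside this hunk, so how `session->internals.priorities` is updated is not visible here.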
diff --git a/lib/x509.c b/lib/x509.c
index 59a856bba6..7a028485bd 100644
--- a/lib/x509.c
+++ b/lib/x509.c
@@ -225,8 +225,7 @@ _gnutls_x509_cert_verify_peers(gnutls_session_t session,
}
verify_flags =
- cred->verify_flags | session->internals.priorities.
- additional_verify_flags;
+ cred->verify_flags | session->internals.additional_verify_flags;
/* generate a list of gnutls_certs based on the auth info
* raw certs.
*/