-rw-r--r-- | lib/auto-verify.c | 11 | ||||
-rw-r--r-- | lib/cert.c | 2 | ||||
-rw-r--r-- | lib/gnutls_int.h | 4 | ||||
-rw-r--r-- | lib/priority.c | 5 | ||||
-rw-r--r-- | lib/x509.c | 3 |
5 files changed, 18 insertions, 7 deletions
diff --git a/lib/auto-verify.c b/lib/auto-verify.c
index f2dae0d6df..eb818b0b53 100644
--- a/lib/auto-verify.c
+++ b/lib/auto-verify.c
@@ -57,7 +57,7 @@ static int auto_verify_cb(gnutls_session_t session)
 * gnutls_session_auto_verify_cert:
 * @session: is a gnutls session
 * @hostname: is the expected name of the peer; may be %NULL
- * @flags: should be zero
+ * @flags: flags for certificate verification -- #gnutls_certificate_verify_flags
 *
 * This function instructs GnuTLS to verify the peer's certificate
 * using the provided hostname. If the verification fails the handshake
@@ -86,6 +86,9 @@ void gnutls_session_auto_verify_cert(gnutls_session_t session,
 session->internals.vc_elements = 0;
 }
+ if (flags)
+ session->internals.additional_verify_flags |= flags;
+
 gnutls_session_set_verify_function(session, auto_verify_cb);
 }
@@ -94,7 +97,7 @@ void gnutls_session_auto_verify_cert(gnutls_session_t session,
 * @session: is a gnutls session
 * @data: an array of typed data
 * @elements: the number of data elements
- * @flags: should be zero
+ * @flags: flags for certificate verification -- #gnutls_certificate_verify_flags
 *
 * This function instructs GnuTLS to verify the peer's certificate
 * using the provided typed data information. If the verification fails the handshake
@@ -113,6 +116,10 @@ void gnutls_session_auto_verify_cert2(gnutls_session_t session,
 {
 session->internals.vc_data = data;
 session->internals.vc_elements = elements;
+
+ if (flags)
+ session->internals.additional_verify_flags |= flags;
+
 gnutls_session_set_verify_function(session, auto_verify_cb);
 }
diff --git a/lib/cert.c b/lib/cert.c
index 36f87adaf2..fb01d1b994 100644
--- a/lib/cert.c
+++ b/lib/cert.c
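Review bot: In gnutls_session_auto_verify_cert() the new `session->internals.additional_verify_flags |= flags;` only ever adds bits, so a later call with a smaller set (or zero) cannot withdraw a flag that an earlier call set; the identical lines added to gnutls_session_auto_verify_cert2() behave the same way. Because #gnutls_certificate_verify_flags includes flags that relax verification, the doc comment of both functions should say so, for example `* The @flags are ORed with the verification flags of the credentials and of the priority string, and are not cleared by a later call.` The `if (flags)` guard is redundant, since OR-ing zero changes nothing. Callers that ignored the old "should be zero" wording and passed a non-zero value will now alter how the peer certificate is verified, which deserves a line in the release notes. Both function bodies begin outside their hunks.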
@@ -542,7 +542,7 @@ _gnutls_openpgp_crt_verify_peers(gnutls_session_t session,
 return GNUTLS_E_NO_CERTIFICATE_FOUND;
 }
- verify_flags = cred->verify_flags | session->internals.priorities.additional_verify_flags;
+ verify_flags = cred->verify_flags | session->internals.additional_verify_flags;
 /* generate a list of gnutls_certs based on the auth info
 * raw certs.
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 8c38cc85f5..49dcd575f3 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -1,5 +1,6 @@
 /*
- * Copyright (C) 2000-2012 Free Software Foundation, Inc.
+ * Copyright (C) 2000-2015 Free Software Foundation, Inc.
+ * Copyright (C) 2015 Red Hat, Inc.
 *
 * Author: Nikos Mavrogiannopoulos
 *
@@ -1005,6 +1006,7 @@ typedef struct {
 gnutls_typed_vdata_st vc_sdata;
 unsigned vc_elements;
 unsigned vc_status;
+ unsigned int additional_verify_flags; /* may be set by priorities or the vc functions */
 /* whether this session uses non-blocking sockets */
 bool blocking;
diff --git a/lib/priority.c b/lib/priority.c
index ee158a5f13..51f46e3324 100644
--- a/lib/priority.c
+++ b/lib/priority.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (C) 2004-2012 Free Software Foundation, Inc.
+ * Copyright (C) 2004-2015 Free Software Foundation, Inc.
+ * Copyright (C) 2015 Red Hat, Inc.
 *
 * Author: Nikos Mavrogiannopoulos
 *
@@ -534,6 +535,8 @@ gnutls_priority_set(gnutls_session_t session, gnutls_priority_t priority)
 session->internals.priorities.compression.algorithms == 0)
 return gnutls_assert_val(GNUTLS_E_NO_PRIORITIES_WERE_SET);
+ session->internals.additional_verify_flags |= priority->additional_verify_flags;
+
 return 0;
 }
diff --git a/lib/x509.c b/lib/x509.c
index 59a856bba6..7a028485bd 100644
--- a/lib/x509.c
+++ b/lib/x509.c
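Review bot: In gnutls_priority_set() (lib/priority.c) the added `session->internals.additional_verify_flags |= priority->additional_verify_flags;` accumulates across calls, so setting a second priority on the same session cannot drop a verification flag that the first one enabled. Before this change the verify paths read `session->internals.priorities.additional_verify_flags`, which presumably followed the most recently set priority. Plain assignment would not fix it, because the field is shared with gnutls_session_auto_verify_cert(); one option is to keep the session field for the caller-supplied flags only and combine at the point of use, `verify_flags = cred->verify_flags | session->internals.priorities.additional_verify_flags | session->internals.additional_verify_flags;`. The statement also sits after the GNUTLS_E_NO_PRIORITIES_WERE_SET return, so on that error path the flags are not copied; the start of the function is outside the hunk, so whether that matters cannot be judged from here.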
@@ -225,8 +225,7 @@ _gnutls_x509_cert_verify_peers(gnutls_session_t session,
 }
 verify_flags =
- cred->verify_flags | session->internals.priorities.
- additional_verify_flags;
+ cred->verify_flags | session->internals.additional_verify_flags;
 /* generate a list of gnutls_certs based on the auth info
 * raw certs.
 */ |