From 692ebe18468358edc503fcf856891649936d335a Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Mon, 19 Jun 2017 20:58:21 +0200
Subject: ocsptool: --load-chain will sort the input chain
Signed-off-by: Nikos Mavrogiannopoulos
---
 src/certtool-common.c | 6 +++++-
 src/certtool-common.h | 1 +
 src/ocsptool.c | 1 +
 3 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/certtool-common.c b/src/certtool-common.c
index 81d2189b4a..2453024567 100644
--- a/src/certtool-common.c
+++ b/src/certtool-common.c
@@ -395,6 +395,7 @@ gnutls_x509_crt_t *load_cert_list(int mand, size_t * crt_size,
 gnutls_datum_t dat;
 unsigned size;
 unsigned int crt_max;
+ unsigned flags = 0;
 *crt_size = 0;
 if (info->verbose)
@@ -424,7 +425,10 @@ gnutls_x509_crt_t *load_cert_list(int mand, size_t * crt_size,
 dat.data = (void *) lbuffer;
 dat.size = size;
- ret = gnutls_x509_crt_list_import2(&crt, &crt_max, &dat, GNUTLS_X509_FMT_PEM, 0);
+ if (info->sort_chain)
+ flags |= GNUTLS_X509_CRT_LIST_SORT;
+
+ ret = gnutls_x509_crt_list_import2(&crt, &crt_max, &dat, GNUTLS_X509_FMT_PEM, flags);
 if (ret < 0) {
 fprintf(stderr, "Error loading certificates: %s\n", gnutls_strerror(ret));
 app_exit(1);
diff --git a/src/certtool-common.h b/src/certtool-common.h
index 9c5fb977e1..16c3c53dfa 100644
--- a/src/certtool-common.h
+++ b/src/certtool-common.h
@@ -76,6 +76,7 @@ typedef struct common_info {
 unsigned no_compat;
 unsigned rsa_pss_sign;
+ unsigned sort_chain;
 } common_info_st;
 /* this must be provided by the app */
diff --git a/src/ocsptool.c b/src/ocsptool.c
index 480f9b0383..4f3176be70 100644
--- a/src/ocsptool.c
+++ b/src/ocsptool.c
@@ -404,6 +404,7 @@ unsigned load_chain(gnutls_x509_crt_t chain[MAX_CHAIN_SIZE])
 info.verbose = verbose;
 info.cert = OPT_ARG(LOAD_CHAIN);
+ info.sort_chain = 1;
 list = load_cert_list(1, &list_size, &info);
 if (list_size > MAX_CHAIN_SIZE) {
-- cgit v1.2.1
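Review bot: `info->sort_chain` is now read on every call to load_cert_list (second hunk of src/certtool-common.c), but the only assignment visible in this commit is the one in load_chain() in src/ocsptool.c. Any other caller that builds a `common_info_st` on the stack without zeroing it would pass an indeterminate value here and could have its list reordered unpredictably, which matters wherever the caller treats the first element as the end-entity certificate. The callers are outside this diff, so confirm that each one clears the struct, e.g. `memset(&info, 0, sizeof(info));`, before filling it in. load_cert_list's body starts and ends outside the hunk.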
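Review bot: The new `sort_chain` member in src/certtool-common.h has no comment, so nothing in the struct says which loader honours it or what a non-zero value requests. A trailing comment would be enough, for example `unsigned sort_chain; /* load_cert_list: import with GNUTLS_X509_CRT_LIST_SORT */`. The struct definition starts outside the hunk.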
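Review bot: Sorting is switched on unconditionally in load_chain() without a comment saying why, and the diffstat lists only the three source files, so the --load-chain option text and tests appear unchanged. A one-line comment above `info.sort_chain = 1;`, such as `/* accept --load-chain input in any order */`, would record the intent. If the sort flag can make the import fail (for instance on a file whose certificates do not form a single chain), the user would only see the generic "Error loading certificates" message from load_cert_list; it is worth checking that this is clear enough. load_chain's body starts and ends outside the hunk.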