authorNikos Mavrogiannopoulos <nmav@gnutls.org>2014-03-02 23:32:34 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2014-03-02 23:32:34 +0100
commit2bd006675c920b5ea5053dafd7dbd7fee7caa702 (patch)
tree3cbb42bdf2a69ad28c700ae995901f7779b98a11
parent5d0bdf0351641e9ada1c5a94d1a442a55d7cf3c1 (diff)
downloadgnutls_3_1_22.tar.gz
check the blacklist for certificates provided in gnutls_x509_trust_list_verify_named_crt().gnutls_3_1_22
-rw-r--r--lib/x509/verify-high.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/x509/verify-high.c b/lib/x509/verify-high.c
index 242f56939f..2f10b8c29c 100644
--- a/lib/x509/verify-high.c
+++ b/lib/x509/verify-high.c
@@ -715,6 +715,14 @@ gnutls_x509_trust_list_verify_named_crt(gnutls_x509_trust_list_t list,
hash = hash_pjw_bare(cert->raw_issuer_dn.data, cert->raw_issuer_dn.size);
hash %= list->size;
+ ret = check_if_in_blacklist(&cert, 1,
+ list->blacklisted, list->blacklisted_size);
+ if (ret != 0) {
+ *verify |= GNUTLS_CERT_REVOKED;
+ *verify |= GNUTLS_CERT_INVALID;
+ return 0;
+ }
+
*verify = GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_NOT_FOUND;
for (i = 0; i < list->node[hash].named_cert_size; i++) {
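Review bot: In the added blacklist branch, `*verify |= GNUTLS_CERT_REVOKED;` ORs into `*verify` before anything visible in the hunk has assigned it; the first plain assignment is the `*verify = GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_NOT_FOUND;` line that follows the new block. If a caller passes an uninitialised status word, the early `return 0` hands back indeterminate bits alongside the two set here, so a caller that compares against exact flag values could misreport why the certificate was rejected. Assigning instead of OR-ing avoids that: `*verify = GNUTLS_CERT_REVOKED | GNUTLS_CERT_INVALID;`. The start of gnutls_x509_trust_list_verify_named_crt() is outside the hunk, so an earlier initialisation cannot be ruled out from here. A short comment above the check, such as `/* a blacklisted certificate is rejected before any named-cert match */`, would also make the ordering intent explicit.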