author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2014-03-02 23:32:34 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2014-03-03 07:17:28 +0100 |
commit | 0bf5e0ad985b7160567c5bf060b47f0862fa7744 (patch) | |
tree | fdfdd6ebdae8e63206d2165692d9b7aaaa9647be | |
parent | 6540c2694c10ab481c8b33f5128b3c413a2d4beb (diff) | |
download | gnutls-0bf5e0ad985b7160567c5bf060b47f0862fa7744.tar.gz |
check the blacklist for certificates provided in gnutls_x509_trust_list_verify_named_crt().
-rw-r--r-- | lib/x509/verify-high.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/x509/verify-high.c b/lib/x509/verify-high.c
index 242f56939f..2f10b8c29c 100644
--- a/lib/x509/verify-high.c
+++ b/lib/x509/verify-high.c
@@ -715,6 +715,14 @@ gnutls_x509_trust_list_verify_named_crt(gnutls_x509_trust_list_t list,
 hash = hash_pjw_bare(cert->raw_issuer_dn.data, cert->raw_issuer_dn.size);
 hash %= list->size;
+ ret = check_if_in_blacklist(&cert, 1,
+ list->blacklisted, list->blacklisted_size);
+ if (ret != 0) {
+ *verify |= GNUTLS_CERT_REVOKED;
+ *verify |= GNUTLS_CERT_INVALID;
+ return 0;
+ }
+
 *verify = GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_NOT_FOUND;
 for (i = 0; i < list->node[hash].named_cert_size; i++) { |
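Review bot: The added blacklist branch ORs flags into `*verify` before anything visible in this hunk has assigned it; the only assignment shown, `*verify = GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_NOT_FOUND;`, sits after the early `return 0`. The function body starts above the hunk, so an earlier initialisation cannot be ruled out, but if there is none, a caller passing an uninitialised `unsigned int` gets indeterminate bits mixed into the status. The result still fails closed because `GNUTLS_CERT_INVALID` is always set, yet the other reason bits reported for a blacklisted certificate would not be trustworthy. Assigning instead of accumulating avoids this: `*verify = GNUTLS_CERT_INVALID | GNUTLS_CERT_REVOKED;`. A short comment on the branch, such as `/* blacklisted: verdict is in *verify, 0 only means the check ran */`, would also keep the `return 0` from being misread as a successful verification.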