diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2014-09-13 13:31:45 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2014-09-13 13:31:45 +0200 |
commit | e98a3c72538fd2d2a13686de73d0a712c4cf3a00 (patch) | |
tree | 1a989dc1831b4165d16d8b22350673fe2a812152 | |
parent | 6b0446747c3dbe08d34c8c8d4d5c17ad3c05c35f (diff) | |
download | gnutls-e98a3c72538fd2d2a13686de73d0a712c4cf3a00.tar.gz |
gnutls_x509_crl_verify: do not always set the invalid status
Reported by Armin Burgmeier.
-rw-r--r-- | lib/x509/verify.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/lib/x509/verify.c b/lib/x509/verify.c index d3f349b9a4..04ffba7e22 100644 --- a/lib/x509/verify.c +++ b/lib/x509/verify.c @@ -961,6 +961,8 @@ gnutls_x509_crl_verify (gnutls_x509_crl_t crl, if (result < 0) { gnutls_assert (); + if (verify) + *verify |= GNUTLS_CERT_INVALID; goto cleanup; } @@ -968,6 +970,8 @@ gnutls_x509_crl_verify (gnutls_x509_crl_t crl, if (result < 0) { gnutls_assert (); + if (verify) + *verify |= GNUTLS_CERT_INVALID; goto cleanup; } @@ -975,6 +979,8 @@ gnutls_x509_crl_verify (gnutls_x509_crl_t crl, if (result < 0) { gnutls_assert (); + if (verify) + *verify |= GNUTLS_CERT_INVALID; goto cleanup; } @@ -994,6 +1000,8 @@ gnutls_x509_crl_verify (gnutls_x509_crl_t crl, else if (result < 0) { gnutls_assert (); + if (verify) + *verify |= GNUTLS_CERT_INVALID; goto cleanup; } @@ -1021,7 +1029,7 @@ gnutls_x509_crl_verify (gnutls_x509_crl_t crl, cleanup: - if (verify) *verify |= GNUTLS_CERT_INVALID; + if (verify && *verify) *verify |= GNUTLS_CERT_INVALID; _gnutls_free_datum (&crl_signed_data); _gnutls_free_datum (&crl_signature); |