diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2015-11-15 17:16:45 +0100 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2015-11-15 17:18:07 +0100 |
| commit | 6bb64c0d8ab646b18d3b58fded766aa1dde85a3f (patch) | |
| tree | 5608f287cc649701565c5cbb97ee6ea92ea79e1b | |
| parent | 8dca13d889ab1e124424901aa3a4c268227d9fb2 (diff) | |
| download | gnutls-6bb64c0d8ab646b18d3b58fded766aa1dde85a3f.tar.gz | |
disable_optional_stuff: don't disable unique IDs if set
There are sideways set these values even if they are not
in the public API, and we shouldn't disable them unconditionally.
| -rw-r--r-- | lib/x509/x509_write.c | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/lib/x509/x509_write.c b/lib/x509/x509_write.c index ef51a328b1..ea510f0e55 100644 --- a/lib/x509/x509_write.c +++ b/lib/x509/x509_write.c @@ -1010,12 +1010,26 @@ gnutls_x509_crt_set_serial(gnutls_x509_crt_t cert, const void *serial, */ static void disable_optional_stuff(gnutls_x509_crt_t cert) { + int ret; + gnutls_datum_t t = {NULL, 0}; - asn1_write_value(cert->cert, "tbsCertificate.issuerUniqueID", NULL, - 0); + ret = + _gnutls_x509_read_value(cert->cert, + "tbsCertificate.subjectUniqueID", + &t); + if (ret < 0) { + asn1_write_value(cert->cert, "tbsCertificate.subjectUniqueID", NULL, 0); + } else + gnutls_free(t.data); - asn1_write_value(cert->cert, "tbsCertificate.subjectUniqueID", - NULL, 0); + ret = + _gnutls_x509_read_value(cert->cert, + "tbsCertificate.issuerUniqueID", + &t); + if (ret < 0) { + asn1_write_value(cert->cert, "tbsCertificate.issuerUniqueID", NULL, 0); + } else + gnutls_free(t.data); if (cert->use_extensions == 0) { _gnutls_debug_log("Disabling X.509 extensions.\n"); |