authorNikos Mavrogiannopoulos <nmav@gnutls.org>2015-11-15 17:16:45 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2015-11-15 17:18:07 +0100
commit6bb64c0d8ab646b18d3b58fded766aa1dde85a3f (patch)
tree5608f287cc649701565c5cbb97ee6ea92ea79e1b
parent8dca13d889ab1e124424901aa3a4c268227d9fb2 (diff)
disable_optional_stuff: don't disable unique IDs if set
There are indirect ways to set these values even if they are not in the public API, and we shouldn't disable them unconditionally.
-rw-r--r--lib/x509/x509_write.c22
1 files changed, 18 insertions, 4 deletions
diff --git a/lib/x509/x509_write.c b/lib/x509/x509_write.c
index ef51a328b1..ea510f0e55 100644
--- a/lib/x509/x509_write.c
+++ b/lib/x509/x509_write.c
@@ -1010,12 +1010,26 @@ gnutls_x509_crt_set_serial(gnutls_x509_crt_t cert, const void *serial,
*/
static void disable_optional_stuff(gnutls_x509_crt_t cert)
{
+ int ret;
+ gnutls_datum_t t = {NULL, 0};
- asn1_write_value(cert->cert, "tbsCertificate.issuerUniqueID", NULL,
- 0);
+ ret =
+ _gnutls_x509_read_value(cert->cert,
+ "tbsCertificate.subjectUniqueID",
+ &t);
+ if (ret < 0) {
+ asn1_write_value(cert->cert, "tbsCertificate.subjectUniqueID", NULL, 0);
+ } else
+ gnutls_free(t.data);
- asn1_write_value(cert->cert, "tbsCertificate.subjectUniqueID",
- NULL, 0);
+ ret =
+ _gnutls_x509_read_value(cert->cert,
+ "tbsCertificate.issuerUniqueID",
+ &t);
+ if (ret < 0) {
+ asn1_write_value(cert->cert, "tbsCertificate.issuerUniqueID", NULL, 0);
+ } else
+ gnutls_free(t.data);
if (cert->use_extensions == 0) {
_gnutls_debug_log("Disabling X.509 extensions.\n");