x509: correct argument of gnutls_verify_output_functiontmp-verify-output

This is a leftover of 52e78f1e. We need to call gnutls_verify_output_function with the replaced CA cert instead of the original cert. Signed-off-by: Daiki Ueno <ueno@gnu.org>
author: Daiki Ueno <ueno@gnu.org> 2020-09-27 16:11:32 +0200
committer: Daiki Ueno <ueno@gnu.org> 2020-09-27 16:11:32 +0200
commit: 86ad5ece222f69ebb831bd36995d27d74b729771 (patch)
tree: e3f2e97b995445f5cbb758abf8cd4cae2d4b8a94
parent: a4a9fe30c491cffd1eeba59e04987b7224860559 (diff)
download: gnutls-86ad5ece222f69ebb831bd36995d27d74b729771.tar.gz
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index bab223ceca..ee9bdd57f5 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -1224,12 +1224,13 @@ _gnutls_pkcs11_verify_crt_status(gnutls_x509_trust_list_t tlist,
 		if (_gnutls_pkcs11_crt_is_known (url, certificate_list[i], vflags, &trusted_cert) != 0) {
 
 			status |= check_ca_sanity(trusted_cert, now, flags);
-			gnutls_x509_crt_deinit(trusted_cert);
 
 			if (func)
-				func(certificate_list[i],
+				func(trusted_cert,
 				     certificate_list[i], NULL, status);
 
+			gnutls_x509_crt_deinit(trusted_cert);
+
 			if (status != 0) {
 				return gnutls_assert_val(status);
 			}
author	Daiki Ueno <ueno@gnu.org>	2020-09-27 16:11:32 +0200
committer	Daiki Ueno <ueno@gnu.org>	2020-09-27 16:11:32 +0200
commit	86ad5ece222f69ebb831bd36995d27d74b729771 (patch)
tree	e3f2e97b995445f5cbb758abf8cd4cae2d4b8a94
parent	a4a9fe30c491cffd1eeba59e04987b7224860559 (diff)
download	gnutls-86ad5ece222f69ebb831bd36995d27d74b729771.tar.gz