author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-06-19 20:58:21 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-06-20 12:46:04 +0200 |
commit | 692ebe18468358edc503fcf856891649936d335a (patch) | |
tree | 85e37a34b8b854b9f198b927e9f7b60970cb9443 | |
parent | 4a6d863c0b5f0f21d8e2e03abd7f5e5430f5e9c0 (diff) | |
ocsptool: --load-chain will sort the input chain
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-rw-r--r-- | src/certtool-common.c | 6 | ||||
-rw-r--r-- | src/certtool-common.h | 1 | ||||
-rw-r--r-- | src/ocsptool.c | 1 |
3 files changed, 7 insertions, 1 deletions
diff --git a/src/certtool-common.c b/src/certtool-common.c
index 81d2189b4a..2453024567 100644
--- a/src/certtool-common.c
+++ b/src/certtool-common.c
@@ -395,6 +395,7 @@ gnutls_x509_crt_t *load_cert_list(int mand, size_t * crt_size,
 gnutls_datum_t dat;
 unsigned size;
 unsigned int crt_max;
+ unsigned flags = 0;
 *crt_size = 0;
 if (info->verbose)
@@ -424,7 +425,10 @@ gnutls_x509_crt_t *load_cert_list(int mand, size_t * crt_size,
 dat.data = (void *) lbuffer;
 dat.size = size;
- ret = gnutls_x509_crt_list_import2(&crt, &crt_max, &dat, GNUTLS_X509_FMT_PEM, 0);
+ if (info->sort_chain)
+ flags |= GNUTLS_X509_CRT_LIST_SORT;
+
+ ret = gnutls_x509_crt_list_import2(&crt, &crt_max, &dat, GNUTLS_X509_FMT_PEM, flags);
 if (ret < 0) {
 fprintf(stderr, "Error loading certificates: %s\n", gnutls_strerror(ret));
 app_exit(1);
diff --git a/src/certtool-common.h b/src/certtool-common.h
index 9c5fb977e1..16c3c53dfa 100644
--- a/src/certtool-common.h
+++ b/src/certtool-common.h
@@ -76,6 +76,7 @@ typedef struct common_info {
 unsigned no_compat;
 unsigned rsa_pss_sign;
+ unsigned sort_chain;
 } common_info_st;
 /* this must be provided by the app */
diff --git a/src/ocsptool.c b/src/ocsptool.c
index 480f9b0383..4f3176be70 100644
--- a/src/ocsptool.c
+++ b/src/ocsptool.c
@@ -404,6 +404,7 @@ unsigned load_chain(gnutls_x509_crt_t chain[MAX_CHAIN_SIZE])
 info.verbose = verbose;
 info.cert = OPT_ARG(LOAD_CHAIN);
+ info.sort_chain = 1;
 list = load_cert_list(1, &list_size, &info);
 if (list_size > MAX_CHAIN_SIZE) { |
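Review bot: In src/certtool-common.c (second hunk), `load_cert_list` now reads `info->sort_chain` on every call, yet only `load_chain` in src/ocsptool.c sets the field in this commit. Any other caller that passes a `common_info_st` it has not zeroed would feed an indeterminate value into the import flags. The hunks do not show how those callers initialise the struct, so this is something to confirm rather than a demonstrated bug. I would state the contract where the field is declared in src/certtool-common.h, for example `unsigned sort_chain; /* load_cert_list(): import with GNUTLS_X509_CRT_LIST_SORT */`, and note there that callers leaving it unset must zero the struct. `load_cert_list` starts and ends outside both hunks.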
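Review bot: In src/ocsptool.c, `info.sort_chain = 1` means the order of `list` is now decided by the library's sort instead of by the input file, so the first entry is no longer necessarily the certificate the operator listed first. The only post-load check visible in the hunk is `list_size > MAX_CHAIN_SIZE`, and how GNUTLS_X509_CRT_LIST_SORT treats certificates that do not link into a single chain is not visible here. If the rest of `load_chain` (outside the hunk) or its callers treat adjacent entries as subject and issuer, a check after the load such as `if (!gnutls_x509_crt_check_issuer(list[i], list[i + 1]))` followed by an error exit would make a mixed input file fail loudly, instead of yielding an OCSP request for an unintended pair. A one-line comment on the new assignment saying that file order is deliberately not preserved would also help the next reader.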