diff options
author | Daiki Ueno <ueno@gnu.org> | 2020-09-27 16:11:32 +0200 |
---|---|---|
committer | Daiki Ueno <ueno@gnu.org> | 2020-09-27 16:11:32 +0200 |
commit | 86ad5ece222f69ebb831bd36995d27d74b729771 (patch) | |
tree | e3f2e97b995445f5cbb758abf8cd4cae2d4b8a94 | |
parent | a4a9fe30c491cffd1eeba59e04987b7224860559 (diff) | |
download | gnutls-86ad5ece222f69ebb831bd36995d27d74b729771.tar.gz |
x509: correct argument of gnutls_verify_output_functiontmp-verify-output
This is a leftover of 52e78f1e. We need to call
gnutls_verify_output_function with the replaced CA cert instead of the
original cert.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
-rw-r--r-- | lib/x509/verify.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/x509/verify.c b/lib/x509/verify.c index bab223ceca..ee9bdd57f5 100644 --- a/lib/x509/verify.c +++ b/lib/x509/verify.c @@ -1224,12 +1224,13 @@ _gnutls_pkcs11_verify_crt_status(gnutls_x509_trust_list_t tlist, if (_gnutls_pkcs11_crt_is_known (url, certificate_list[i], vflags, &trusted_cert) != 0) { status |= check_ca_sanity(trusted_cert, now, flags); - gnutls_x509_crt_deinit(trusted_cert); if (func) - func(certificate_list[i], + func(trusted_cert, certificate_list[i], NULL, status); + gnutls_x509_crt_deinit(trusted_cert); + if (status != 0) { return gnutls_assert_val(status); } |