author | Daiki Ueno <ueno@gnu.org> | 2021-03-05 12:08:25 +0100 |
---|---|---|
committer | Daiki Ueno <ueno@gnu.org> | 2021-03-05 12:13:33 +0100 |
commit | e97a5f07bc9d9394424c6520656e902019fcb380 (patch) | |
tree | 9fc77fc68046803cccef240b4bdd2f904e0d4c16 | |
parent | 857543cc24114431dd5dde0e83c2c44b9b7e6050 (diff) | |
download | gnutls-e97a5f07bc9d9394424c6520656e902019fcb380.tar.gz |
gnutls_x509_trust_list_verify_crt2: skip duped certs for PKCS11 too

The commit 09b40be6e0e0a59ba4bd764067eb353241043a70 (part of
gnutls/gnutls!1370) didn't cover the case where the trust store is
backed by PKCS #11, because it used _gnutls_trust_list_get_issuer,
which only works with file based trust store.

This patch replaces the call with more generic
gnutls_x509_trust_list_get_issuer so it also works with other trust
store implementations.

Reported by Michal Ruprich.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

-rw-r--r-- | lib/x509/verify-high.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/lib/x509/verify-high.c b/lib/x509/verify-high.c index 9a16e6b42a..736326ee18 100644 --- a/lib/x509/verify-high.c +++ b/lib/x509/verify-high.c @@ -1495,10 +1495,10 @@ gnutls_x509_trust_list_verify_crt2(gnutls_x509_trust_list_t list, /* If the issuer of the certificate is known, no need * for further processing. */ - if (_gnutls_trust_list_get_issuer(list, - cert_list[i - 1], - &issuer, - 0) == 0) { + if (gnutls_x509_trust_list_get_issuer(list, + cert_list[i - 1], + &issuer, + 0) == 0) { cert_list_size = i; break; } |
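
Review bot: the new gnutls_x509_trust_list_get_issuer call in gnutls_x509_trust_list_verify_crt2 still passes 0 as flags and writes through `&issuer`, but nothing in the visible lines says who owns that certificate when it comes from a PKCS #11 backed store rather than the file based list. Please confirm that the object returned on the PKCS #11 path does not need to be released here, and extend the "If the issuer of the certificate is known" comment with a sentence on its lifetime, since in the lines shown `issuer` is not used after the call and the loop simply sets `cert_list_size = i` and breaks. The comparison `== 0` also treats every failure of the more generic lookup as "issuer not known", so it is worth stating whether a token or module error should fall through to further processing or be reported. The diffstat lists only lib/x509/verify-high.c, so the case the commit message describes has no regression test here; a test that verifies a chain containing a duplicated certificate against a PKCS #11 backed trust list would keep this path from regressing again.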