author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2019-12-29 22:33:07 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2020-01-03 10:56:14 +0100 |
commit | af83068ffc2b3533d9195b1f59132551f6027976 (patch) | |
tree | 1e65a7af44117b3288ffdd0e8e7d0cf095c29727 /lib/includes/gnutls/gnutls.h.in | |
parent | acb025f0d20cda0e2173c822e7d4efa611cce396 (diff) | |
x509: reject certificates having duplicate extensions
According to RFC5280 a certificate must not include more than
one instance of a particular extension. We were previously printing
warnings when such extensions were found, but that is insufficient
to flag such certificates. Instead, refuse to import them.
Resolves: #887
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Diffstat (limited to 'lib/includes/gnutls/gnutls.h.in')
-rw-r--r-- | lib/includes/gnutls/gnutls.h.in | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index d8464c94da..fb617f9963 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -3386,6 +3386,7 @@ void gnutls_fips140_set_mode(gnutls_fips_mode_t mode, unsigned flags);
 #define GNUTLS_E_MISSING_EXTENSION -427
 #define GNUTLS_E_DB_ENTRY_EXISTS -428
 #define GNUTLS_E_EARLY_DATA_REJECTED -429
+#define GNUTLS_E_X509_DUPLICATE_EXTENSION -430
 #define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250 |
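Review bot: The added `GNUTLS_E_X509_DUPLICATE_EXTENSION` define has no comment saying when it is returned, although it marks a behaviour change that callers will see: per the commit message, certificates that were only warned about before are now refused on import. A one-line comment above it would document this, for example `/* certificate repeats an extension; import is refused (RFC 5280) */`. This page shows only the header part of the commit, so it cannot be confirmed here that the new value also has a description for `gnutls_strerror()`. If it does not, applications logging the failure would presumably get no useful message for a rejected certificate.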