author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-03-25 09:42:16 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-03-25 10:04:18 +0100 |
commit | d3fedf9da0df6a6097c368679356b2fc1058c6f3 (patch) | |
tree | 182619eb3f5fb86859185a296d1a278e86222c3e /lib/x509/verify-high.c | |
parent | 9d0ba0df29a2c427454ababbe8f1e7d8791b5f3a (diff) | |
Added gnutls_x509_crt_check_email(), gnutls_openpgp_crt_check_email() and GNUTLS_DT_RFC822NAME
Diffstat (limited to 'lib/x509/verify-high.c')
-rw-r--r-- | lib/x509/verify-high.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/lib/x509/verify-high.c b/lib/x509/verify-high.c
index 6e3a4be20e..2729976bbe 100644
--- a/lib/x509/verify-high.c
+++ b/lib/x509/verify-high.c
@@ -1106,7 +1106,7 @@ gnutls_x509_trust_list_verify_crt2(gnutls_x509_trust_list_t list,
 unsigned int i;
 uint32_t hash;
 gnutls_x509_crt_t sorted[DEFAULT_MAX_VERIFY_DEPTH];
- const char *hostname = NULL, *purpose = NULL;
+ const char *hostname = NULL, *purpose = NULL, *email = NULL;
 unsigned hostname_size = 0;

 if (cert_list == NULL || cert_list_size < 1)
@@ -1118,6 +1118,10 @@ gnutls_x509_trust_list_verify_crt2(gnutls_x509_trust_list_t list,
 if (data[i].size > 0) {
 hostname_size = data[i].size;
 }
+ if (email != NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ } else if (data[i].type == GNUTLS_DT_RFC822NAME) {
+ email = (void*)data[i].data;
+ if (hostname != NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
 } else if (data[i].type == GNUTLS_DT_KEY_PURPOSE_OID) {
 purpose = (void*)data[i].data;
 }
@@ -1220,6 +1224,13 @@ gnutls_x509_trust_list_verify_crt2(gnutls_x509_trust_list_t list,
 *voutput |= GNUTLS_CERT_UNEXPECTED_OWNER|GNUTLS_CERT_INVALID;
 }

+ if (email) {
+ ret =
+ gnutls_x509_crt_check_email(cert_list[0], email, 0);
+ if (ret == 0)
+ *voutput |= GNUTLS_CERT_UNEXPECTED_OWNER|GNUTLS_CERT_INVALID;
+ }
+
 /* CRL checks follow */

 if (*voutput != 0 || (flags & GNUTLS_VERIFY_DISABLE_CRL_CHECKS)) |
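Review bot: In the `@@ -1118,6 +1118,10 @@` hunk the new `GNUTLS_DT_RFC822NAME` branch stores `data[i].data` but never looks at `data[i].size`, whereas the hostname branch just above records the size. The pointer is later handed to `gnutls_x509_crt_check_email()` as a plain C string, so a length-delimited buffer without a terminator would be read past its end, and one with an embedded NUL would be compared only up to that byte. That contract should be stated where the value is taken, e.g. `/* data[i].size is ignored: the address must be NUL-terminated */`. A second `GNUTLS_DT_RFC822NAME` entry also silently replaces the first, which may deserve the same `GNUTLS_E_INVALID_REQUEST` treatment as mixing it with a hostname. The loop and the function body start and end outside this hunk.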
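Review bot: In the `@@ -1220,6 +1224,13 @@` hunk, `if (ret == 0)` is the only outcome that marks the certificate with `GNUTLS_CERT_UNEXPECTED_OWNER`, so every other return value from `gnutls_x509_crt_check_email()` counts as a match. That function is not part of this diff; if it can ever return a negative error code, the owner check would pass on error, so the expected return contract should be noted at the call, e.g. `/* returns non-zero on match, 0 on mismatch or error */`, or the test tightened to `if (ret <= 0)`. The call also passes a literal `0` for flags and inspects only `cert_list[0]`; a short comment saying both are intended would help the next reader. The function body continues outside the hunk.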