From 86ad5ece222f69ebb831bd36995d27d74b729771 Mon Sep 17 00:00:00 2001
From: Daiki Ueno
Date: Sun, 27 Sep 2020 16:11:32 +0200
Subject: x509: correct argument of gnutls_verify_output_function

This is a leftover of 52e78f1e. We need to call gnutls_verify_output_function with the replaced CA cert instead of the original cert.

Signed-off-by: Daiki Ueno
---
 lib/x509/verify.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index bab223ceca..ee9bdd57f5 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -1224,12 +1224,13 @@ _gnutls_pkcs11_verify_crt_status(gnutls_x509_trust_list_t tlist,
 if (_gnutls_pkcs11_crt_is_known (url, certificate_list[i], vflags, &trusted_cert) != 0) {
 status |= check_ca_sanity(trusted_cert, now, flags);
- gnutls_x509_crt_deinit(trusted_cert);
 if (func)
- func(certificate_list[i],
+ func(trusted_cert,
 certificate_list[i], NULL, status);
+ gnutls_x509_crt_deinit(trusted_cert);
+ if (status != 0) {
 return gnutls_assert_val(status);
 }
--
cgit v1.2.1
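Review bot: The callback now receives `trusted_cert`, a locally owned handle that `gnutls_x509_crt_deinit(trusted_cert)` releases as soon as `func` returns, and nothing at the call site documents that lifetime. A verify-output callback that keeps the handle it is given (for deferred logging, for instance) would be left holding a dangling pointer, so I would add a comment above the call such as `/* trusted_cert is freed right after func returns; the callback must not retain it */`. The same comment could say why the trust-store certificate is passed as the first argument while `certificate_list[i]` stays as the second, since the two arguments now differ and a reader cannot tell from the hunk which role each plays. The enclosing function starts and ends outside this hunk, so any other use of `trusted_cert` after the deinit could not be checked here.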