gnutls-commit

[SCM] GNU gnutls branch, gnutls_3_0_x-2, updated. gnutls_3_0_21_real-2-g


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, gnutls_3_0_x-2, updated. gnutls_3_0_21_real-2-ga1b44f6
Date: Sat, 14 Jul 2012 08:44:30 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=a1b44f677aff32d6cfc7f494a47b8de86c81fb21

The branch, gnutls_3_0_x-2 has been updated
       via  a1b44f677aff32d6cfc7f494a47b8de86c81fb21 (commit)
       via  14c40c59ac375185f8f54aba49931f918832105e (commit)
      from  92218a876d4c2ec826eb922918487cb8879faaec (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit a1b44f677aff32d6cfc7f494a47b8de86c81fb21
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Fri Jul 13 18:02:13 2012 +0200

    When verifying a certificate chain make sure it is a chain.
    
    If the chain is interrupted (wrong) at some point then truncate,
    only try to verify the correct part. Patch by David Woodhouse.

commit 14c40c59ac375185f8f54aba49931f918832105e
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Fri Jul 13 13:20:03 2012 +0200

    added support for legacy sec-param.

-----------------------------------------------------------------------

Summary of changes:
 lib/x509/verify-high.c |   12 ++++++++++++
 src/certtool-common.c  |    4 ++++
 2 files changed, 16 insertions(+), 0 deletions(-)

diff --git a/lib/x509/verify-high.c b/lib/x509/verify-high.c
index b9572b2..3b3c02c 100644
--- a/lib/x509/verify-high.c
+++ b/lib/x509/verify-high.c
@@ -350,6 +350,18 @@ static int shorten_clist(gnutls_x509_trust_list_t list,
     uint32_t hash;
     gnutls_datum_t dn;
 
+    /* Start by truncating any disjoint list of certificates. For
+     * example, if the server presented a chain A->B->C->X->Y->Z
+     * where X is *not* actually the issuer of C, truncate at C.
+     */
+    for(i=1;i<clist_size;i++) {
+        if (!gnutls_x509_crt_check_issuer(certificate_list[i-1],
+                                          certificate_list[i])) {
+            gnutls_assert();
+            clist_size = i;
+        }
+    }
+
     if (clist_size > 1) {
         /* Check if the last certificate in the path is self signed.
          * In that case ignore it (a certificate is trusted only if it
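Review bot: the truncation loop in shorten_clist stops only because assigning `clist_size = i` makes the next `i < clist_size` test false; that is correct, but the intent (cut at the first certificate whose issuer is not the next one) would be clearer and more robust with an explicit `break;` right after `clist_size = i;`. Two smaller points on the same hunk: `i` is used but not declared in the added lines (the visible locals are `hash` and `dn`), so confirm it is declared earlier in the function; and `for(i=1;i<clist_size;i++)` does not follow the spacing used by the surrounding code (`if (clist_size > 1)`). Since the cut happens silently apart from gnutls_assert(), the behaviour change is worth a NEWS line: a chain whose intermediate does not issue the previous certificate is now verified only up to the last matching certificate instead of the full list.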
diff --git a/src/certtool-common.c b/src/certtool-common.c
index e2fdab9..75862ab 100644
--- a/src/certtool-common.c
+++ b/src/certtool-common.c
@@ -644,6 +644,10 @@ gnutls_sec_param_t str_to_sec_param (const char *str)
     {
       return GNUTLS_SEC_PARAM_LOW;
     }
+  else if (strcasecmp (str, "legacy") == 0)
+    {
+      return GNUTLS_SEC_PARAM_LEGACY;
+    }
   else if (strcasecmp (str, "normal") == 0)
     {
       return GNUTLS_SEC_PARAM_NORMAL;
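Review bot: this hunk only adds the string-to-enum direction for "legacy" in str_to_sec_param; if certtool has a matching enum-to-string printer or a help text that enumerates the accepted --sec-param keywords (low, normal, ...), those should be updated in the same commit so the new keyword is discoverable, and the NEWS entry should mention that "legacy" is now accepted. The new branch is consistent with the neighbouring strcasecmp comparisons, so the parsing itself looks fine.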


hooks/post-receive
-- 
GNU gnutls


