]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
partially reverted 999d221fd2241ff73f884bf33d8cbe6eb8299184
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Fri, 14 Nov 2014 21:16:09 +0000 (22:16 +0100)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Fri, 14 Nov 2014 21:16:11 +0000 (22:16 +0100)
That change allows to use the intermediate certificates in chains
as OCSP anchors.

lib/gnutls_x509.c

index d5570af4f949e35e620fc67a0afdb36645b625a7..680a464cf9a00600acd917ee1febc51c61121e61 100644 (file)
@@ -62,7 +62,7 @@
  */
 static int
 check_ocsp_response(gnutls_session_t session, gnutls_x509_crt_t cert,
-                   gnutls_certificate_credentials_t cred,
+                   gnutls_x509_crt_t issuer,
                    gnutls_datum_t * data, unsigned int *ostatus)
 {
        gnutls_ocsp_resp_t resp;
@@ -96,7 +96,7 @@ check_ocsp_response(gnutls_session_t session, gnutls_x509_crt_t cert,
                goto cleanup;
        }
 
-       ret = gnutls_ocsp_resp_verify(resp, cred->tlist, &status, 0);
+       ret = gnutls_ocsp_resp_verify_direct(resp, issuer, &status, 0);
        if (ret < 0) {
                ret = gnutls_assert_val(0);
                gnutls_assert();
@@ -279,7 +279,7 @@ _gnutls_x509_cert_verify_peers(gnutls_session_t session,
        }
 
        ret =
-           check_ocsp_response(session, peer_certificate_list[0], cred,
+           check_ocsp_response(session, peer_certificate_list[0], issuer,
                                &resp, &ocsp_status);
        if (issuer_deinit != 0)
                gnutls_x509_crt_deinit(issuer);