From: Nikos Mavrogiannopoulos Date: Fri, 14 Nov 2014 21:16:09 +0000 (+0100) Subject: partially reverted 999d221fd2241ff73f884bf33d8cbe6eb8299184 X-Git-Tag: gnutls_3_4_0~604 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=05e55bfdfe4589b5c592912c12fda0cacfc4123b;p=thirdparty%2Fgnutls.git partially reverted 999d221fd2241ff73f884bf33d8cbe6eb8299184 That change allows to use the intermediate certificates in chains as OCSP anchors. --- diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c index d5570af4f9..680a464cf9 100644 --- a/lib/gnutls_x509.c +++ b/lib/gnutls_x509.c @@ -62,7 +62,7 @@ */ static int check_ocsp_response(gnutls_session_t session, gnutls_x509_crt_t cert, - gnutls_certificate_credentials_t cred, + gnutls_x509_crt_t issuer, gnutls_datum_t * data, unsigned int *ostatus) { gnutls_ocsp_resp_t resp; @@ -96,7 +96,7 @@ check_ocsp_response(gnutls_session_t session, gnutls_x509_crt_t cert, goto cleanup; } - ret = gnutls_ocsp_resp_verify(resp, cred->tlist, &status, 0); + ret = gnutls_ocsp_resp_verify_direct(resp, issuer, &status, 0); if (ret < 0) { ret = gnutls_assert_val(0); gnutls_assert(); @@ -279,7 +279,7 @@ _gnutls_x509_cert_verify_peers(gnutls_session_t session, } ret = - check_ocsp_response(session, peer_certificate_list[0], cred, + check_ocsp_response(session, peer_certificate_list[0], issuer, &resp, &ocsp_status); if (issuer_deinit != 0) gnutls_x509_crt_deinit(issuer);