From: Nikos Mavrogiannopoulos Date: Sun, 16 Sep 2012 20:50:09 +0000 (+0200) Subject: removed a now redundant chain check X-Git-Tag: gnutls_3_1_2~54 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e7b65df28abd19bd9a2e8de11d7b1c9ead9c5fcf;p=thirdparty%2Fgnutls.git removed a now redundant chain check --- diff --git a/lib/x509/verify-high.c b/lib/x509/verify-high.c index a4f883f3e7..d8addbaeb3 100644 --- a/lib/x509/verify-high.c +++ b/lib/x509/verify-high.c @@ -355,18 +355,6 @@ static int shorten_clist(gnutls_x509_trust_list_t list, uint32_t hash; gnutls_datum_t dn; - /* Start by truncating any disjoint list of certificates. For - * example, if the server presented a chain A->B->C->X->Y->Z - * where X is *not* actually the issuer of C, truncate at C. - */ - for(i=1;i 1) { /* Check if the last certificate in the path is self signed. * In that case ignore it (a certificate is trusted only if it @@ -440,10 +428,9 @@ static gnutls_x509_crt_t* sort_clist(gnutls_x509_crt_t sorted[MAX_CERTS_TO_SORT] for (i=0;iB->C->X->Y->Z - * where X is *not* actually the issuer of C, truncate at C. - */ + /* Find the issuer of each certificate and store it + * in issuer array. + */ for(i=0;i<*clist_size;i++) { for (j=1;j<*clist_size;j++)