From: Nikos Mavrogiannopoulos Date: Sat, 8 Mar 2014 16:38:49 +0000 (+0100) Subject: re-enabled certificate verification X-Git-Tag: gnutls_3_3_0pre0~47 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=eefcdd8815f9629409f006a76a5710f479eca341;p=thirdparty%2Fgnutls.git re-enabled certificate verification --- diff --git a/lib/x509/verify.c b/lib/x509/verify.c index 538e4aeb60..037329ee54 100644 --- a/lib/x509/verify.c +++ b/lib/x509/verify.c @@ -752,7 +752,8 @@ verify_crt(gnutls_x509_crt_t cert, result = 0; gnutls_assert(); goto cleanup; - } + } else if (ret == 1) + result = 1; /* Check activation/expiration times */ @@ -761,6 +762,7 @@ verify_crt(gnutls_x509_crt_t cert, if (!(flags & GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS)) { out |= check_time(issuer, now); if (out != 0) { + gnutls_assert(); result = 0; if (output) *output |= out; @@ -769,6 +771,7 @@ verify_crt(gnutls_x509_crt_t cert, out |= check_time(cert, now); if (out != 0) { + gnutls_assert(); result = 0; if (output) *output |= out; @@ -941,6 +944,7 @@ _gnutls_x509_verify_certificate(const gnutls_x509_crt_t * certificate_list, &certificate_list[i], 1, flags, &output, NULL, now, &max_path, nc, func)) != 1) { + gnutls_assert(); status |= output; status |= GNUTLS_CERT_INVALID; goto cleanup;