From: Nikos Mavrogiannopoulos Date: Thu, 13 Feb 2014 09:05:28 +0000 (+0100) Subject: ensure that the issuer in present in a trusted module. X-Git-Tag: gnutls_3_3_0pre0~186 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2d1898608e451dabcff9b9ccb890f04a8f619ebc;p=thirdparty%2Fgnutls.git ensure that the issuer in present in a trusted module. --- diff --git a/lib/x509/verify.c b/lib/x509/verify.c index 6802611e97..40ccc08819 100644 --- a/lib/x509/verify.c +++ b/lib/x509/verify.c @@ -942,7 +942,7 @@ _gnutls_pkcs11_verify_certificate(const char* url, /* check against issuer */ ret = gnutls_pkcs11_get_raw_issuer(url, certificate_list[clist_size - 1], - &raw_issuer, GNUTLS_X509_FMT_DER, 0); + &raw_issuer, GNUTLS_X509_FMT_DER, GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE); if (ret < 0) { gnutls_assert(); status |= GNUTLS_CERT_INVALID;