From: Nikos Mavrogiannopoulos
Date: Fri, 4 Apr 2014 20:11:23 +0000 (+0200)
Subject: corrected check for sorted server certificate chain.
X-Git-Tag: gnutls_3_3_0~48
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=dcf3702db4be9bc3a3cb70fca869472dcf39b4a4;p=thirdparty%2Fgnutls.git

corrected check for sorted server certificate chain.
---

diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index 2afcabf966..96ae1dbb33 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -952,9 +952,7 @@ gnutls_certificate_set_x509_key_mem2(gnutls_certificate_credentials_t res,
 static int check_if_sorted(gnutls_pcert_st * crt, int nr)
 {
 gnutls_x509_crt_t x509;
- void *prev_dn = NULL;
- void *dn;
- size_t prev_dn_size = 0, dn_size;
+ gnutls_x509_crt_t prev = NULL;
 int i, ret;

 /* check if the X.509 list is ordered */
@@ -974,28 +972,25 @@ static int check_if_sorted(gnutls_pcert_st * crt, int nr)
 }

 if (i > 0) {
- dn_size = x509->raw_dn.size;
- dn = x509->raw_dn.data;
-
- if (dn_size != prev_dn_size
- || memcmp(dn, prev_dn, dn_size) != 0) {
+ if (gnutls_x509_crt_check_issuer(prev, x509) == 0) {
 ret =
 gnutls_assert_val
 (GNUTLS_E_CERTIFICATE_LIST_UNSORTED);
 goto cleanup;
 }
- }

- prev_dn_size = x509->raw_issuer_dn.size;
- prev_dn = x509->raw_issuer_dn.data;
+ gnutls_x509_crt_deinit(prev);
+ }

- gnutls_x509_crt_deinit(x509);
+ prev = x509;
 }
+ gnutls_x509_crt_deinit(prev);
 }

 return 0;

 cleanup:
+ gnutls_x509_crt_deinit(prev);
 gnutls_x509_crt_deinit(x509);
 return ret;
 }
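Review bot: `prev` now owns a certificate across loop iterations, so every exit from the loop must release it; in the second hunk only the `cleanup:` label and the call after the loop do. The top of the loop lies outside the hunk: if a failed certificate init there still does a direct `return`, `prev` leaks from the second iteration on, and the fix would be `gnutls_x509_crt_deinit(prev);` before that return rather than a jump to `cleanup:`, where `x509` could still alias the object `prev` holds. The `== 0` test also treats any non-zero result from `gnutls_x509_crt_check_issuer()` as "sorted"; if the function can return a negative error in this version, `<= 0` would fail closed. I would add a comment above the call such as `/* ordering check only: prev must name x509 as its issuer; signatures are not verified here */`.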