git.ipfire.org Git - thirdparty/gnutls.git/commit
x509: rework issuer callback
author    Daiki Ueno <ueno@gnu.org>
          Wed, 11 Nov 2020 18:15:13 +0000 (19:15 +0100)
committer Daiki Ueno <ueno@gnu.org>
          Thu, 19 Nov 2020 14:38:02 +0000 (15:38 +0100)
commit    ebb19db9165fed30d73c83bab1b1b8740c132dfd
tree      68938801d14b58d7b7fc30cff1b0d8b48a6bbc45
parent    79b8965b3392e8504ba48ee0fc28b1b8f23a8fcf
x509: rework issuer callback

The previous issuer callback API had a drawback: the callback was
supposed to add the CA to the trust list by itself.  This was error-prone,
because the callback must check that the new CA is trusted by the already
added CA.  This instead moves the responsibility to the library.

This also rewrites the chain amendment logic in a side-effect free
manner.  The application can assume that the trust information stored
on gnutls_x509_trust_list_t shouldn't change after the verification.

The missingissuer test has been extended to cover all the possible
patterns exhaustively.

Signed-off-by: Daiki Ueno <ueno@gnu.org>
lib/cert-cred.c
lib/includes/gnutls/x509.h
lib/x509/verify-high.c
lib/x509/verify.c
src/cli.c
tests/missingissuer.c
tests/missingissuer_aia.c
tests/test-chains-issuer-aia.h
tests/test-chains-issuer.h