check the blacklist for certificates provided in gnutls_x509_trust_list_verify_named_... gnutls_3_1_22
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Sun, 2 Mar 2014 22:32:34 +0000 (23:32 +0100)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Sun, 2 Mar 2014 22:32:34 +0000 (23:32 +0100)
lib/x509/verify-high.c

index 242f56939f0e3b1c91c0634cf1aa881683ee290e..2f10b8c29c529725cb5e21f58bcc919ca872bca7 100644 (file)
@@ -715,6 +715,14 @@ gnutls_x509_trust_list_verify_named_crt(gnutls_x509_trust_list_t list,
     hash = hash_pjw_bare(cert->raw_issuer_dn.data, cert->raw_issuer_dn.size);
     hash %= list->size;
 
+    ret = check_if_in_blacklist(&cert, 1,
+               list->blacklisted, list->blacklisted_size);
+    if (ret != 0) {
+       *verify |= GNUTLS_CERT_REVOKED;
+       *verify |= GNUTLS_CERT_INVALID;
+       return 0;
+    }
+
     *verify = GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_NOT_FOUND;
 
     for (i = 0; i < list->node[hash].named_cert_size; i++) {
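Review bot: The blacklist branch ORs into `*verify` before the function has assigned it; the first plain assignment, `*verify = GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_NOT_FOUND;`, comes only after the early return. Unless `*verify` is cleared above this hunk, a caller that passes an uninitialized or reused status word gets stale bits mixed into the result. The verdict still fails closed because GNUTLS_CERT_INVALID is set, but the reported reason flags can be wrong. Assigning instead of OR-ing avoids this: `*verify = GNUTLS_CERT_REVOKED | GNUTLS_CERT_INVALID;`. The body of gnutls_x509_trust_list_verify_named_crt starts and ends outside the hunk.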