ensure that the issuer in present in a trusted module.

author Nikos Mavrogiannopoulos <nmav@redhat.com>

Thu, 13 Feb 2014 09:05:28 +0000 (10:05 +0100)

committer Nikos Mavrogiannopoulos <nmav@redhat.com>

Thu, 13 Feb 2014 09:05:41 +0000 (10:05 +0100)
author Nikos Mavrogiannopoulos <nmav@redhat.com>
Thu, 13 Feb 2014 09:05:28 +0000 (10:05 +0100)
committer Nikos Mavrogiannopoulos <nmav@redhat.com>
Thu, 13 Feb 2014 09:05:41 +0000 (10:05 +0100)
diff --git a/lib/x509/verify.c b/lib/x509/verify.c

index 6802611e971d9002b08da1f8c07d722c104fde27..40ccc088196e2957e940e81b6cf8c8c60ecfe85e 100644 (file)
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -942,7 +942,7 @@ _gnutls_pkcs11_verify_certificate(const char* url,
  
         /* check against issuer */
         ret = gnutls_pkcs11_get_raw_issuer(url, certificate_list[clist_size - 1],
-               &raw_issuer, GNUTLS_X509_FMT_DER, 0);
+               &raw_issuer, GNUTLS_X509_FMT_DER, GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE);
         if (ret < 0) {
                 gnutls_assert();
                 status |= GNUTLS_CERT_INVALID;
author	Nikos Mavrogiannopoulos <nmav@redhat.com>
	Thu, 13 Feb 2014 09:05:28 +0000 (10:05 +0100)
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>
	Thu, 13 Feb 2014 09:05:41 +0000 (10:05 +0100)