gnutls_x509_trust_list_verify_crt2: skip duped certs for PKCS11 too
authorDaiki Ueno <ueno@gnu.org>
Fri, 5 Mar 2021 11:08:25 +0000 (12:08 +0100)
committerDaiki Ueno <ueno@gnu.org>
Fri, 5 Mar 2021 11:13:33 +0000 (12:13 +0100)
The commit 09b40be6e0e0a59ba4bd764067eb353241043a70 (part of
gnutls/gnutls!1370) didn't cover the case where the trust store is
backed by PKCS #11, because it used _gnutls_trust_list_get_issuer,
which only works with a file-based trust store.

This patch replaces the call with the more generic
gnutls_x509_trust_list_get_issuer so it also works with other trust
store implementations.

Reported by Michal Ruprich.

Signed-off-by: Daiki Ueno <ueno@gnu.org>
lib/x509/verify-high.c

index 9a16e6b42a06cdb44b8ecf58e07d9ab650351b32..736326ee18b96382d75552c0bcc61387ff036224 100644 (file)
@@ -1495,10 +1495,10 @@ gnutls_x509_trust_list_verify_crt2(gnutls_x509_trust_list_t list,
 
                /* If the issuer of the certificate is known, no need
                 * for further processing. */
-               if (_gnutls_trust_list_get_issuer(list,
-                                                 cert_list[i - 1],
-                                                 &issuer,
-                                                 0) == 0) {
+               if (gnutls_x509_trust_list_get_issuer(list,
+                                                     cert_list[i - 1],
+                                                     &issuer,
+                                                     0) == 0) {
                        cert_list_size = i;
                        break;
                }
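Review bot: Passing `0` as the flags argument to gnutls_x509_trust_list_get_issuer now matters, because this call can reach the PKCS #11 lookup. As far as I recall the API documentation, `GNUTLS_TL_GET_COPY` is required for that function to be thread-safe with PKCS #11 trust lists, and without it the issuer found on the token may be retained inside the shared list object. In the visible lines `issuer` serves only as an existence test, so I would pass `GNUTLS_TL_GET_COPY` and release the copy with `gnutls_x509_crt_deinit(issuer);` before the `break`, or else add a comment stating why the non-copy form is safe when several verifications share one trust list. The enclosing function starts and ends outside this hunk, so confirm `issuer` is not read later before freeing it. A regression test with a PKCS #11-backed trust store and a chain containing a duplicated certificate would pin the behaviour this commit fixes.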