added doc on is_issuer() checks

author Nikos Mavrogiannopoulos <nmav@redhat.com>

Thu, 27 Feb 2014 07:35:16 +0000 (08:35 +0100)

committer Nikos Mavrogiannopoulos <nmav@redhat.com>

Thu, 27 Feb 2014 09:21:08 +0000 (10:21 +0100)
author Nikos Mavrogiannopoulos <nmav@redhat.com>
Thu, 27 Feb 2014 07:35:16 +0000 (08:35 +0100)
committer Nikos Mavrogiannopoulos <nmav@redhat.com>
Thu, 27 Feb 2014 09:21:08 +0000 (10:21 +0100)
diff --git a/lib/x509/verify.c b/lib/x509/verify.c

index 4624a93b71865810b031cb8606732f19bc3b07c6..4a21c72e67c1d9b5be7e3fdd90e0f2562d677a41 100644 (file)
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -249,6 +249,8 @@ static bool is_issuer(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer)
                     gnutls_x509_crt_get_authority_key_id(cert, id1,
                                                          &id1_size, NULL);
                 if (ret < 0) {
+                       /* If there is no authority key identifier in the
+                        * certificate, assume they match */
                         ret = 1;
                         goto cleanup;
                 }
@@ -258,6 +260,8 @@ static bool is_issuer(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer)
                     gnutls_x509_crt_get_subject_key_id(issuer, id2,
                                                        &id2_size, NULL);
                 if (ret < 0) {
+                       /* If there is no subject key identifier in the
+                        * issuer certificate, assume they match */
                         ret = 1;
                         gnutls_assert();
                         goto cleanup;
author	Nikos Mavrogiannopoulos <nmav@redhat.com>
	Thu, 27 Feb 2014 07:35:16 +0000 (08:35 +0100)
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>
	Thu, 27 Feb 2014 09:21:08 +0000 (10:21 +0100)