Lines 374-379
_gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list,
Link Here
|
374 |
int i = 0, ret; |
374 |
int i = 0, ret; |
375 |
unsigned int status = 0, output; |
375 |
unsigned int status = 0, output; |
376 |
|
376 |
|
|
|
377 |
/* Check if the last certificate in the path is self signed. |
378 |
* In that case ignore it (a certificate is trusted only if it |
379 |
* leads to a trusted party by us, not the server's). |
380 |
*/ |
381 |
if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1], |
382 |
certificate_list[clist_size - 1]) > 0 |
383 |
&& clist_size > 0) |
384 |
{ |
385 |
clist_size--; |
386 |
} |
387 |
|
377 |
/* Verify the last certificate in the certificate path |
388 |
/* Verify the last certificate in the certificate path |
378 |
* against the trusted CA certificate list. |
389 |
* against the trusted CA certificate list. |
379 |
* |
390 |
* |
Lines 412-428
_gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list,
Link Here
|
412 |
} |
423 |
} |
413 |
#endif |
424 |
#endif |
414 |
|
425 |
|
415 |
/* Check if the last certificate in the path is self signed. |
|
|
416 |
* In that case ignore it (a certificate is trusted only if it |
417 |
* leads to a trusted party by us, not the server's). |
418 |
*/ |
419 |
if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1], |
420 |
certificate_list[clist_size - 1]) > 0 |
421 |
&& clist_size > 0) |
422 |
{ |
423 |
clist_size--; |
424 |
} |
425 |
|
426 |
/* Verify the certificate path (chain) |
426 |
/* Verify the certificate path (chain) |
427 |
*/ |
427 |
*/ |
428 |
for (i = clist_size - 1; i > 0; i--) |
428 |
for (i = clist_size - 1; i > 0; i--) |
429 |
- |
|
|