|
Lines 374-379
_gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list,
Link Here
|
| 374 |
int i = 0, ret; |
374 |
int i = 0, ret; |
| 375 |
unsigned int status = 0, output; |
375 |
unsigned int status = 0, output; |
| 376 |
|
376 |
|
|
|
377 |
/* Check if the last certificate in the path is self signed. |
| 378 |
* In that case ignore it (a certificate is trusted only if it |
| 379 |
* leads to a trusted party by us, not the server's). |
| 380 |
*/ |
| 381 |
if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1], |
| 382 |
certificate_list[clist_size - 1]) > 0 |
| 383 |
&& clist_size > 0) |
| 384 |
{ |
| 385 |
clist_size--; |
| 386 |
} |
| 387 |
|
| 377 |
/* Verify the last certificate in the certificate path |
388 |
/* Verify the last certificate in the certificate path |
| 378 |
* against the trusted CA certificate list. |
389 |
* against the trusted CA certificate list. |
| 379 |
* |
390 |
* |
|
Lines 412-428
_gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list,
Link Here
|
| 412 |
} |
423 |
} |
| 413 |
#endif |
424 |
#endif |
| 414 |
|
425 |
|
| 415 |
/* Check if the last certificate in the path is self signed. |
|
|
| 416 |
* In that case ignore it (a certificate is trusted only if it |
| 417 |
* leads to a trusted party by us, not the server's). |
| 418 |
*/ |
| 419 |
if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1], |
| 420 |
certificate_list[clist_size - 1]) > 0 |
| 421 |
&& clist_size > 0) |
| 422 |
{ |
| 423 |
clist_size--; |
| 424 |
} |
| 425 |
|
| 426 |
/* Verify the certificate path (chain) |
426 |
/* Verify the certificate path (chain) |
| 427 |
*/ |
427 |
*/ |
| 428 |
for (i = clist_size - 1; i > 0; i--) |
428 |
for (i = clist_size - 1; i > 0; i--) |
| 429 |
- |
|
|
