Lines 376-381
Link Here
|
376 |
int i = 0, ret; |
376 |
int i = 0, ret; |
377 |
unsigned int status = 0, output; |
377 |
unsigned int status = 0, output; |
378 |
|
378 |
|
|
|
379 |
/* Check if the last certificate in the path is self signed. |
380 |
* In that case ignore it (a certificate is trusted only if it |
381 |
* leads to a trusted party by us, not the server's). |
382 |
*/ |
383 |
if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1], |
384 |
certificate_list[clist_size - 1]) > 0 |
385 |
&& clist_size > 0) |
386 |
{ |
387 |
clist_size--; |
388 |
} |
389 |
|
379 |
/* Verify the last certificate in the certificate path |
390 |
/* Verify the last certificate in the certificate path |
380 |
* against the trusted CA certificate list. |
391 |
* against the trusted CA certificate list. |
381 |
* |
392 |
* |
Lines 414-430
Link Here
|
414 |
} |
425 |
} |
415 |
#endif |
426 |
#endif |
416 |
|
427 |
|
417 |
/* Check if the last certificate in the path is self signed. |
|
|
418 |
* In that case ignore it (a certificate is trusted only if it |
419 |
* leads to a trusted party by us, not the server's). |
420 |
*/ |
421 |
if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1], |
422 |
certificate_list[clist_size - 1]) > 0 |
423 |
&& clist_size > 0) |
424 |
{ |
425 |
clist_size--; |
426 |
} |
427 |
|
428 |
/* Verify the certificate path (chain) |
428 |
/* Verify the certificate path (chain) |
429 |
*/ |
429 |
*/ |
430 |
for (i = clist_size - 1; i > 0; i--) |
430 |
for (i = clist_size - 1; i > 0; i--) |