Attachment #329782 for bug #421463




		 */
		if ( max == 1 && !gnutls_x509_crt_check_issuer( certs[0], certs[0] )) {
			gnutls_x509_crt_t *cas;
#if GNUTLS_VERSION_MAJOR == 2
			unsigned int i, j, ncas;

			gnutls_certificate_get_x509_cas( ctx->cred, &cas, &ncas );

				if ( j == ncas )
					break;
			}
#elif GNUTLS_VERSION_MAJOR == 3
			gnutls_x509_crt_t ca;
			unsigned int i;
			for ( i = 1; i<VERIFY_DEPTH; i++ ) {
				rc= gnutls_certificate_get_issuer( ctx->cred, certs[i-1], &ca,  0 );
				if ( rc ) return -1;
				certs[i] = ca;
				/* If this CA is self-signed, we're done */
				if ( gnutls_x509_crt_check_issuer( ca, ca ))
					break;
			}
#endif
		}
		rc = gnutls_certificate_set_x509_key( ctx->cred, certs, max, key );
		if ( rc ) return -1;

Return to bug 421463

Lines 369-374 Link Here

(-)openldap-2.4.33-1/libraries/libldap/tls_g.c (+13 lines)
369	*/	369	*/
370	if ( max == 1 && !gnutls_x509_crt_check_issuer( certs[0], certs[0] )) {	370	if ( max == 1 && !gnutls_x509_crt_check_issuer( certs[0], certs[0] )) {
371	gnutls_x509_crt_t *cas;	371	gnutls_x509_crt_t *cas;
		372	#if GNUTLS_VERSION_MAJOR == 2
372	unsigned int i, j, ncas;	373	unsigned int i, j, ncas;
373		374
374	gnutls_certificate_get_x509_cas( ctx->cred, &cas, &ncas );	375	gnutls_certificate_get_x509_cas( ctx->cred, &cas, &ncas );
Lines 387-392 Link Here
387	if ( j == ncas )	388	if ( j == ncas )
388	break;	389	break;
389	}	390	}
		391	#elif GNUTLS_VERSION_MAJOR == 3
		392	gnutls_x509_crt_t ca;
		393	unsigned int i;
		394	for ( i = 1; i<VERIFY_DEPTH; i++ ) {
		395	rc= gnutls_certificate_get_issuer( ctx->cred, certs[i-1], &ca, 0 );
		396	if ( rc ) return -1;
		397	certs[i] = ca;
		398	/* If this CA is self-signed, we're done */
		399	if ( gnutls_x509_crt_check_issuer( ca, ca ))
		400	break;
		401	}
		402	#endif
390	}	403	}
391	rc = gnutls_certificate_set_x509_key( ctx->cred, certs, max, key );	404	rc = gnutls_certificate_set_x509_key( ctx->cred, certs, max, key );
392	if ( rc ) return -1;	405	if ( rc ) return -1;