[gnutls-devel] Bugfixes for certificate lists

Tim Kosse tim.kosse at filezilla-project.org
Sat Jul 9 13:05:23 CEST 2016


Hi,

For small certificate lists, gnutls_x509_crt_list_import2 is ignoring
the GNUTLS_X509_CRT_LIST_SORT and GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED
flags.

As a result, gnutls-cli-debug incorrectly reports a server's certificate
chain order as sorted even if it isn't.


I've also fixed the documentation of gnutls_certificate_get_peers; the
list it returns isn't actually sorted.


I wonder, should we add a function that makes it easier to obtain a
sorted peer certificate list (or an error if it cannot be sorted)?


Regards,
Tim
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-gnutls_certificate_get_peers-does-not-return-a-sorte.patch
Type: text/x-patch
Size: 1112 bytes
Desc: not available
URL: </pipermail/attachments/20160709/50cf4462/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0003-gnutls_x509_crl_list_import2-was-ignoring-the-passed.patch
Type: text/x-patch
Size: 860 bytes
Desc: not available
URL: </pipermail/attachments/20160709/50cf4462/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-gnutls_x509_crt_list_import2-was-ignoring-the-passed.patch
Type: text/x-patch
Size: 878 bytes
Desc: not available
URL: </pipermail/attachments/20160709/50cf4462/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0004-Add-test-for-gnutls_x509_crt_list_import2-with-flag-.patch
Type: text/x-patch
Size: 1103 bytes
Desc: not available
URL: </pipermail/attachments/20160709/50cf4462/attachment-0003.bin>

