[gnutls-devel] Bugfixes for certificate lists
Tim Kosse
tim.kosse at filezilla-project.org
Wed Jul 27 23:56:17 CEST 2016
Hi,
could I please get some feedback on these patches?
Regards,
Tim
On 2016-07-09 13:05, Tim Kosse wrote:
> Hi,
>
> for small certificate lists, gnutls_x509_crt_list_import2 is ignoring
> the GNUTLS_X509_CRT_LIST_SORT and GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED
> flags.
>
> As result, gnutls-cli-debug incorrectly reports a server's certificate
> chain order as sorted even if it isn't.
>
>
> I've also fixed the documentation of gnutls_certificate_get_peers, the
> list it returns isn't actually sorted.
>
>
> I wonder, should we add a function that makes it easier to obtain a
> sorted peer certificate list (or an error if it cannot be sorted)?
>
>
> Regards,
> Tim
>
More information about the Gnutls-devel
mailing list