[gnutls-devel] GnuTLS | cert-session: ensure that invalid flag is always set (!1304)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Wed Aug 12 10:08:01 CEST 2020
Daiki Ueno commented on a discussion on src/common.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1304#note_394626917
>
> gnutls_free(out.data);
>
> - if (status)
> + if (status) {
> + if (!(status & GNUTLS_CERT_INVALID))
This is to ensure the [documented](https://www.gnutls.org/manual/html_node/Verifying-X_002e509-certificate-paths.html#Verifying-X_002e509-certificate-paths) behavior: "The GNUTLS_CERT_INVALID flag is always set on a verification error and more detailed flags will also be set when appropriate."
IMO this is redundant, but some applications rely on it and we can't break them by removing the invariant.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1304#note_394626917
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200812/37cf203f/attachment.html>
More information about the Gnutls-devel
mailing list