From 903e0f51a9a51ddf0cb76bdfccf8ae5bc4e01793 Mon Sep 17 00:00:00 2001 From: Simon Josefsson <simon@josefsson.org> Date: Wed, 27 Dec 2006 08:54:43 +0000 Subject: [PATCH] (generate_rdn_seq): Store subject DN instead of issuer DN in the certificate authority list, to make sure server's send the proper list of expected CAs to the client. Reported by Max Kellermann <max@duempel.org>. --- lib/gnutls_x509.c | 6 ++---- 1 files changed, 2 insertions(+), 4 deletions(-) diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c index 5f4b3f2..e180535 100644 --- a/lib/gnutls_x509.c +++ b/lib/gnutls_x509.c @@ -990,8 +990,7 @@ generate_rdn_seq (gnutls_certificate_credentials_t res) for (i = 0; i < res->x509_ncas; i++) { if ((ret = - _gnutls_x509_crt_get_raw_issuer_dn (res->x509_ca_list[i], - &tmp)) < 0) + _gnutls_x509_crt_get_raw_dn (res->x509_ca_list[i], &tmp)) < 0) { gnutls_assert (); return ret; @@ -1016,8 +1015,7 @@ generate_rdn_seq (gnutls_certificate_credentials_t res) for (i = 0; i < res->x509_ncas; i++) { if ((ret = - _gnutls_x509_crt_get_raw_issuer_dn (res->x509_ca_list[i], - &tmp)) < 0) + _gnutls_x509_crt_get_raw_dn (res->x509_ca_list[i], &tmp)) < 0) { _gnutls_free_datum (&res->x509_rdn_sequence); gnutls_assert (); -- 1.7.2.5