From 903e0f51a9a51ddf0cb76bdfccf8ae5bc4e01793 Mon Sep 17 00:00:00 2001
From: Simon Josefsson <simon@josefsson.org>
Date: Wed, 27 Dec 2006 08:54:43 +0000
Subject: [PATCH] (generate_rdn_seq): Store subject DN instead of issuer DN in the
certificate authority list, to make sure server's send the proper list
of expected CAs to the client. Reported by Max Kellermann
<max@duempel.org>.
---
lib/gnutls_x509.c | 6 ++----
1 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index 5f4b3f2..e180535 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -990,8 +990,7 @@ generate_rdn_seq (gnutls_certificate_credentials_t res)
for (i = 0; i < res->x509_ncas; i++)
{
if ((ret =
- _gnutls_x509_crt_get_raw_issuer_dn (res->x509_ca_list[i],
- &tmp)) < 0)
+ _gnutls_x509_crt_get_raw_dn (res->x509_ca_list[i], &tmp)) < 0)
{
gnutls_assert ();
return ret;
@@ -1016,8 +1015,7 @@ generate_rdn_seq (gnutls_certificate_credentials_t res)
for (i = 0; i < res->x509_ncas; i++)
{
if ((ret =
- _gnutls_x509_crt_get_raw_issuer_dn (res->x509_ca_list[i],
- &tmp)) < 0)
+ _gnutls_x509_crt_get_raw_dn (res->x509_ca_list[i], &tmp)) < 0)
{
_gnutls_free_datum (&res->x509_rdn_sequence);
gnutls_assert ();
--
1.7.2.5
distrib
>
Scientific%20Linux
>
5x
>
x86_64
>
by-pkgid
>
488f7d353752a24f1cc3f6fc2e121835
>
files
>
15
