[glib-networking] gnutls: Prevent cycles when building the certificate chain

From: Michael Catanzaro <mcatanzaro src gnome org>
To: commits-list gnome org
Cc:
Subject: [glib-networking] gnutls: Prevent cycles when building the certificate chain
Date: Thu, 28 Apr 2016 14:05:29 +0000 (UTC)

commit 7db4dbf03b21e382622d452afda5e28db31d0185
Author: Carlos Garcia Campos <cgarcia igalia com>
Date:   Thu Apr 21 12:28:05 2016 +0200

    gnutls: Prevent cycles when building the certificate chain
    
    Explicitly check self-signed certificates and leave a NULL issuer in that
    case.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=765317

 tls/gnutls/gtlscertificate-gnutls.c |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)
---
diff --git a/tls/gnutls/gtlscertificate-gnutls.c b/tls/gnutls/gtlscertificate-gnutls.c
index 4ff996c..8dd0544 100644
--- a/tls/gnutls/gtlscertificate-gnutls.c
+++ b/tls/gnutls/gtlscertificate-gnutls.c
@@ -722,6 +722,10 @@ g_tls_certificate_gnutls_build_chain (const gnutls_datum_t  *certs,
     {
       issuer = NULL;
 
+      /* Check if the cert issued itself */
+      if (gnutls_x509_crt_check_issuer (gnutls_certs[i], gnutls_certs[i]))
+        continue;
+
       if (i < num_certs - 1 &&
           gnutls_x509_crt_check_issuer (gnutls_certs[i], gnutls_certs[i + 1]))
         {

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]