Re: gnutls fails to use Verisign CA cert without a Basic Constraint
From: Daniel Kahn Gillmor
Subject: Re: gnutls fails to use Verisign CA cert without a Basic Constraint
Date: Fri, 09 Jan 2009 12:06:00 -0500
User-agent: Mozilla-Thunderbird 2.0.0.17 (X11/20081018)

On 01/09/2009 11:54 AM, Simon Josefsson wrote:
> "Douglas E. Engert" <address@hidden> writes:
>> Also should line 444 be |= rather than ^= ?
>
> That code is meant to _remove_ the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT
> flag from the flags parameter, unless
> GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT is set.
But ^= is bitwise xor, which *flips* the relevant bit, rather than
removing it. I think we want something like this, no?
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index c00b4bf..6ad4495 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -442,7 +442,7 @@ _gnutls_x509_verify_certificate (const
gnutls_x509_crt_t * certificate_list,
* certificates can exist in a supplied chain.
*/
if (!(flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT))
- flags ^= GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT;
+ flags &= ~GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT;
if ((ret =
_gnutls_verify_certificate2 (certificate_list[i - 1],
&certificate_list[i], 1, flags,
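
Review bot: The changed line under if (!(flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT)) should come with a regression test for a caller that passes neither V1 flag, since with the old ^= that case turned GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT on before the call to _gnutls_verify_certificate2 rather than leaving it off. The &= ~ form clears the bit regardless of its previous state, which matches the stated intent; it would also help to have the comment above the if say explicitly that the flag is cleared unless GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT is set, so the intent is on record next to the code.
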
--dkg
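
The difference between the two operators in the patch above, as an added example that is not part of the original message or of GnuTLS. The bit values are constructed, the function names are hypothetical, and running the statement once per chain link is an assumption suggested by the index i in the context lines.

```c
#include <stdio.h>

/* Constructed bit values for this example; not copied from the GnuTLS headers. */
#define ALLOW_X509_V1_CA_CRT     (1u << 0)
#define ALLOW_ANY_X509_V1_CA_CRT (1u << 1)

/* Behaviour of the removed line: XOR toggles the bit. */
static unsigned step_xor(unsigned flags)
{
    if (!(flags & ALLOW_ANY_X509_V1_CA_CRT))
        flags ^= ALLOW_X509_V1_CA_CRT;
    return flags;
}

/* Behaviour of the added line: AND with the complement clears the bit. */
static unsigned step_clear(unsigned flags)
{
    if (!(flags & ALLOW_ANY_X509_V1_CA_CRT))
        flags &= ~ALLOW_X509_V1_CA_CRT;
    return flags;
}

/* Apply one variant once per chain link (assumed loop) and count the links
   for which the V1-CA bit is set when the flags reach verification. */
static int links_allowing_v1(unsigned (*step)(unsigned), unsigned flags, int links)
{
    int allowed = 0;
    for (int i = 0; i < links; i++) {
        flags = step(flags);
        if (flags & ALLOW_X509_V1_CA_CRT)
            allowed++;
    }
    return allowed;
}

int main(void)
{
    unsigned inputs[] = { 0u, ALLOW_X509_V1_CA_CRT, ALLOW_ANY_X509_V1_CA_CRT,
                          ALLOW_X509_V1_CA_CRT | ALLOW_ANY_X509_V1_CA_CRT };
    for (int k = 0; k < 4; k++)
        printf("flags=%u  xor: %d/4 links allow V1 CA  clear: %d/4\n", inputs[k],
               links_allowing_v1(step_xor, inputs[k], 4),
               links_allowing_v1(step_clear, inputs[k], 4));
    return 0;
}
```

With neither flag set, the XOR variant turns the V1-CA bit on for every other link, while the clearing variant never does; when the ANY flag is set, both variants leave the flags untouched.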