[gnutls-devel] GnuTLS | WIP: AIA callback to retrieve missing chain certificates (!1262)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Mon Jun 1 21:53:15 CEST 2020




Sahana Prasad commented on a discussion on lib/x509/verify.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1262#note_353183547

> +				_gnutls_debug_log("gnutls_x509_crt_init: %s\n", gnutls_strerror(ret));
> +				gnutls_assert();
> +				MARK_INVALID(GNUTLS_CERT_SIGNER_NOT_FOUND);
> +				goto cleanup;
> +			}
> +
> +			/* missing issuer is populated by the callback */
> +			ret = tlist->issuer_callback(tlist, cert, issuer);
> +			if (ret < 0) {
> +				/* if the callback fails, continue as though the callback
> +				 * wasn't invoked i.e issuer remains NULL */
> +				gnutls_x509_crt_deinit(issuer);
> +				gnutls_assert();
> +				issuer = NULL;
> +			} else
> +				issuer_deinit = true;

@dueno Thanks, this was a good idea indeed.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1262#note_353183547
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200601/03b4033f/attachment.html>


More information about the Gnutls-devel mailing list