[gnutls-devel] GnuTLS | WIP: AIA callback to retrieve missing chain certificates (!1262)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Sat May 30 18:05:49 CEST 2020




Daiki Ueno commented on a discussion on lib/x509/verify.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1262#note_352326308

> +				_gnutls_debug_log("gnutls_x509_crt_init: %s\n", gnutls_strerror(ret));
> +				gnutls_assert();
> +				MARK_INVALID(GNUTLS_CERT_SIGNER_NOT_FOUND);
> +				goto cleanup;
> +			}
> +
> +			/* missing issuer is populated by the callback */
> +			ret = tlist->issuer_callback(tlist, cert, issuer);
> +			if (ret < 0) {
> +				/* if the callback fails, continue as though the callback
> +				 * wasn't invoked i.e issuer remains NULL */
> +				gnutls_x509_crt_deinit(issuer);
> +				gnutls_assert();
> +				issuer = NULL;
> +			} else
> +				issuer_deinit = true;

Well, no. It will be `free`'ed if you call `gnutls_x509_trust_list_deinit` with `all` argument set to 1.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1262#note_352326308
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200530/facb5739/attachment.html>


More information about the Gnutls-devel mailing list