[gnutls-devel] GnuTLS | x509: check certificate trust status when adding CA through AIA (!1354)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Mon Nov 16 10:55:03 CET 2020

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1354#note_448006960

Sorry, @sahprasa. It's my fault not having thought it seriously, but I realized that the current usage of the issuer callback in the library is not very reasonable: we probably shouldn't modify the trust list during chain verification as a side effect.

Therefore, I moved the chain amendment logic from `verify_crt` to `gnutls_x509_trust_list_verify_crt2` and rewritten it in a side-effect free manner. The missingissuer test should now cover all the possible patterns.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1354#note_448006960
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20201116/69c54007/attachment.html>

More information about the Gnutls-devel mailing list