[gnutls-devel] GnuTLS | x509: check certificate trust status when adding CA through AIA (!1354)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Mon Nov 16 10:55:03 CET 2020
Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1354#note_448006960
Sorry, @sahprasa. It's my fault not having thought it seriously, but I realized that the current usage of the issuer callback in the library is not very reasonable: we probably shouldn't modify the trust list during chain verification as a side effect.
Therefore, I moved the chain amendment logic from `verify_crt` to `gnutls_x509_trust_list_verify_crt2` and rewritten it in a side-effect free manner. The missingissuer test should now cover all the possible patterns.
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1354#note_448006960
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnutls-devel