[gnutls-devel] GnuTLS | gnutls_x509_trust_list_verify_crt2: skip duped certs for PKCS11 too (!1398)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Fri Mar 5 12:19:10 CET 2021

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1398

Project:Branches: dueno/gnutls:wip/dueno/duplicate-certs-pkcs11 to gnutls/gnutls:master
Author:    Daiki Ueno

The commit 09b40be6e0e0a59ba4bd764067eb353241043a70 (part of !1370) didn't cover the case where the trust store is backed by PKCS#11, because it used `_gnutls_trust_list_get_issuer`,
which only works with file based trust store.

This patch replaces the call with more generic `gnutls_x509_trust_list_get_issuer` so it also works with other trust store implementations.

Reported by Michal Ruprich.

## Checklist
 * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1398
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20210305/e6993392/attachment.html>

More information about the Gnutls-devel mailing list