<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">

<title>

GitLab

</title>

<style data-premailer="ignore" type="text/css">

a { color: #1068bf; }

</style>

<style>img {

max-width: 100%; height: auto;

}

body {

font-size: 0.875rem;

}

body {

-webkit-text-shadow: rgba(255,255,255,0.01) 0 0 1px;

}

body {

font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Noto Sans", Ubuntu, Cantarell, "Helvetica Neue", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji"; font-size: inherit;

}

</style>

</head>

<body style='font-size: inherit; -webkit-text-shadow: rgba(255,255,255,0.01) 0 0 1px; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Noto Sans", Ubuntu, Cantarell, "Helvetica Neue", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji";'>

<div class="content">

<p style="color: #777777;">

<a href="https://gitlab.com/ametzler">Andreas Metzler</a>

commented on a

discussion on <a href="https://gitlab.com/gnutls/gnutls/-/merge_requests/1653#note_1136984774">lib/x509/verify-high.c</a>:

</p>

<table class="code gl-mb-5" style="border-spacing: 0; margin-bottom: 1rem; border-collapse: collapse; width: auto; font-family: monospace; font-size: 90%;" bgcolor="#fff" width="100%" cellpadding="0" cellspacing="0">

<tr class="line_holder old" style="line-height: 1.6;">

<td class="old_line diff-line-num old" data-linenumber="1489" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

1489

</td>

<td class="new_line diff-line-num old" data-linenumber="1399" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

</td>

<td class="line_content old" style="padding: inherit;" bgcolor="#fbe9eb"><pre style='display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dbdbdb;'>-<span id="LC1489" class="line" lang="c">           <span class="k" style="font-weight: 600;">if</span> <span class="p">(</span><span class="o" style="font-weight: 600;">!</span><span class="p">(</span><span class="n" style="color: #333;">flags</span> <span class="o" style="font-weight: 600;">&</span> <span class="n" style="color: #333;">GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN</span><span class="p">))</span> <span class="p">{</span></span>

</pre></td>

</tr>

<tr class="line_holder old" style="line-height: 1.6;">

<td class="old_line diff-line-num old" data-linenumber="1490" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

1490

</td>

<td class="new_line diff-line-num old" data-linenumber="1399" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

</td>

<td class="line_content old" style="padding: inherit;" bgcolor="#fbe9eb"><pre style='display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dbdbdb;'>-<span id="LC1490" class="line" lang="c">                   <span class="n" style="color: #333;">sorted_size</span> <span class="o" style="font-weight: 600;">=</span> <span class="n" style="color: #333;">_gnutls_sort_clist</span><span class="p">(</span><span class="o" style="font-weight: 600;">&</span><span class="n" style="color: #333;">cert_list</span><span class="p">[</span><span class="n" style="color: #333;">i</span><span class="p">],</span></span>

</pre></td>

</tr>

<tr class="line_holder old" style="line-height: 1.6;">

<td class="old_line diff-line-num old" data-linenumber="1491" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

1491

</td>

<td class="new_line diff-line-num old" data-linenumber="1399" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

</td>

<td class="line_content old" style="padding: inherit;" bgcolor="#fbe9eb"><pre style='display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dbdbdb;'>-<span id="LC1491" class="line" lang="c">                                                    <span class="n" style="color: #333;">cert_list_size</span> <span class="o" style="font-weight: 600;">-</span> <span class="n" style="color: #333;">i</span><span class="p">);</span></span>

</pre></td>

</tr>

<tr class="line_holder old" style="line-height: 1.6;">

<td class="old_line diff-line-num old" data-linenumber="1492" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

1492

</td>

<td class="new_line diff-line-num old" data-linenumber="1399" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

</td>

<td class="line_content old" style="padding: inherit;" bgcolor="#fbe9eb"><pre style='display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dbdbdb;'>-<span id="LC1492" class="line" lang="c">           <span class="p">}</span></span>

</pre></td>

</tr>

<tr class="line_holder old" style="line-height: 1.6;">

<td class="old_line diff-line-num old" data-linenumber="1493" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

1493

</td>

<td class="new_line diff-line-num old" data-linenumber="1399" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

</td>

<td class="line_content old" style="padding: inherit;" bgcolor="#fbe9eb"><pre style='display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dbdbdb;'>-<span id="LC1493" class="line" lang="c"></span>

</pre></td>

</tr>

<tr class="line_holder old" style="line-height: 1.6;">

<td class="old_line diff-line-num old" data-linenumber="1494" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

1494

</td>

<td class="new_line diff-line-num old" data-linenumber="1399" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

</td>

<td class="line_content old" style="padding: inherit;" bgcolor="#fbe9eb"><pre style='display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dbdbdb;'>-<span id="LC1494" class="line" lang="c">           <span class="cm" style="color: #998; font-style: italic;">/* Remove duplicates. Start with index 1, as the first element</span></span>

</pre></td>

</tr>

<tr class="line_holder old" style="line-height: 1.6;">

<td class="old_line diff-line-num old" data-linenumber="1495" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

1495

</td>

<td class="new_line diff-line-num old" data-linenumber="1399" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

</td>

<td class="line_content old" style="padding: inherit;" bgcolor="#fbe9eb"><pre style='display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dbdbdb;'>-<span id="LC1495" class="line" lang="c"><span class="cm" style="color: #998; font-style: italic;">                * may be re-checked after issuer retrieval. */</span></span>

</pre></td>

</tr>

<tr class="line_holder old" style="line-height: 1.6;">

<td class="old_line diff-line-num old" data-linenumber="1496" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

1496

</td>

<td class="new_line diff-line-num old" data-linenumber="1399" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

</td>

<td class="line_content old" style="padding: inherit;" bgcolor="#fbe9eb"><pre style='display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dbdbdb;'>-<span id="LC1496" class="line" lang="c">           <span class="k" style="font-weight: 600;">for</span> <span class="p">(</span><span class="n" style="color: #333;">j</span> <span class="o" style="font-weight: 600;">=</span> <span class="mi" style="color: #099;">1</span><span class="p">;</span> <span class="n" style="color: #333;">j</span> <span class="o" style="font-weight: 600;"><</span> <span class="n" style="color: #333;">sorted_size</span><span class="p">;</span> <span class="n" style="color: #333;">j</span><span class="o" style="font-weight: 600;">++</span><span class="p">)</span> <span class="p">{</span></span>

</pre></td>

</tr>

<tr class="line_holder old" style="line-height: 1.6;">

<td class="old_line diff-line-num old" data-linenumber="1497" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

1497

</td>

<td class="new_line diff-line-num old" data-linenumber="1399" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

</td>

<td class="line_content old" style="padding: inherit;" bgcolor="#fbe9eb"><pre style='display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dbdbdb;'>-<span id="LC1497" class="line" lang="c">                   <span class="k" style="font-weight: 600;">if</span> <span class="p">(</span><span class="n" style="color: #333;">cert_set_contains</span><span class="p">(</span><span class="o" style="font-weight: 600;">&</span><span class="n" style="color: #333;">cert_set</span><span class="p">,</span> <span class="n" style="color: #333;">cert_list</span><span class="p">[</span><span class="n" style="color: #333;">i</span> <span class="o" style="font-weight: 600;">+</span> <span class="n" style="color: #333;">j</span><span class="p">]))</span> <span class="p">{</span></span>

</pre></td>

</tr>

<tr class="line_holder old" style="line-height: 1.6;">

<td class="old_line diff-line-num old" data-linenumber="1498" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

1498

</td>

<td class="new_line diff-line-num old" data-linenumber="1399" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

</td>

<td class="line_content old" style="padding: inherit;" bgcolor="#fbe9eb"><pre style='display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dbdbdb;'>-<span id="LC1498" class="line" lang="c">                           <span class="k" style="font-weight: 600;">if</span> <span class="p">(</span><span class="n" style="color: #333;">i</span> <span class="o" style="font-weight: 600;">+</span> <span class="n" style="color: #333;">j</span> <span class="o" style="font-weight: 600;"><</span> <span class="n" style="color: #333;">cert_list_size</span> <span class="o" style="font-weight: 600;">-</span> <span class="mi" style="color: #099;">1</span><span class="p">)</span> <span class="p">{</span></span>

</pre></td>

</tr>

<tr class="line_holder old" style="line-height: 1.6;">

<td class="old_line diff-line-num old" data-linenumber="1499" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

1499

</td>

<td class="new_line diff-line-num old" data-linenumber="1399" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

</td>

<td class="line_content old" style="padding: inherit;" bgcolor="#fbe9eb"><pre style='display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dbdbdb;'>-<span id="LC1499" class="line" lang="c">                                   <span class="n" style="color: #333;">memmove</span><span class="p">(</span><span class="o" style="font-weight: 600;">&</span><span class="n" style="color: #333;">cert_list</span><span class="p">[</span><span class="n" style="color: #333;">i</span> <span class="o" style="font-weight: 600;">+</span> <span class="n" style="color: #333;">j</span><span class="p">],</span></span>

</pre></td>

</tr>

<tr class="line_holder old" style="line-height: 1.6;">

<td class="old_line diff-line-num old" data-linenumber="1500" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

1500

</td>

<td class="new_line diff-line-num old" data-linenumber="1399" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

</td>

<td class="line_content old" style="padding: inherit;" bgcolor="#fbe9eb"><pre style='display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dbdbdb;'>-<span id="LC1500" class="line" lang="c">                                           <span class="o" style="font-weight: 600;">&</span><span class="n" style="color: #333;">cert_list</span><span class="p">[</span><span class="n" style="color: #333;">i</span> <span class="o" style="font-weight: 600;">+</span> <span class="n" style="color: #333;">j</span> <span class="o" style="font-weight: 600;">+</span> <span class="mi" style="color: #099;">1</span><span class="p">],</span></span>

</pre></td>

</tr>

<tr class="line_holder old" style="line-height: 1.6;">

<td class="old_line diff-line-num old" data-linenumber="1501" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

1501

</td>

<td class="new_line diff-line-num old" data-linenumber="1399" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

</td>

<td class="line_content old" style="padding: inherit;" bgcolor="#fbe9eb"><pre style='display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dbdbdb;'>-<span id="LC1501" class="line" lang="c">                                           <span class="k" style="font-weight: 600;">sizeof</span><span class="p">(</span><span class="n" style="color: #333;">cert_list</span><span class="p">[</span><span class="n" style="color: #333;">i</span><span class="p">]));</span></span>

</pre></td>

</tr>

<tr class="line_holder new" style="line-height: 1.6;">

<td class="old_line diff-line-num new" data-linenumber="1502" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: inherit;" align="right" bgcolor="#ddfbe6">

</td>

<td class="new_line diff-line-num new" data-linenumber="1399" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: inherit;" align="right" bgcolor="#ddfbe6">

1399

</td>

<td class="line_content new" style="padding: inherit;" bgcolor="#ecfdf0"><pre style='display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dbdbdb;'>+<span id="LC1399" class="line" lang="c">   <span class="cm" style="color: #998; font-style: italic;">/* Remove duplicates */</span></span>

</pre></td>

</tr>

<tr class="line_holder new" style="line-height: 1.6;">

<td class="old_line diff-line-num new" data-linenumber="1502" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: inherit;" align="right" bgcolor="#ddfbe6">

</td>

<td class="new_line diff-line-num new" data-linenumber="1400" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: inherit;" align="right" bgcolor="#ddfbe6">

1400

</td>

<td class="line_content new" style="padding: inherit;" bgcolor="#ecfdf0"><pre style='display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dbdbdb;'>+<span id="LC1400" class="line" lang="c">   <span class="k" style="font-weight: 600;">for</span> <span class="p">(</span><span class="n" style="color: #333;">i</span> <span class="o" style="font-weight: 600;">=</span> <span class="mi" style="color: #099;">0</span><span class="p">;</span> <span class="n" style="color: #333;">i</span> <span class="o" style="font-weight: 600;"><</span> <span class="n" style="color: #333;">cert_list_size</span> <span class="o" style="font-weight: 600;">-</span> <span class="mi" style="color: #099;">1</span> <span class="o" style="font-weight: 600;">&&</span> <span class="n" style="color: #333;">cert_list_size</span> <span class="o" style="font-weight: 600;"><=</span> <span class="n" style="color: #333;">DEFAULT_MAX_VERIFY_DEPTH</span><span class="p">;</span> <span class="o" style="font-weight: 600;">++</span><span class="n" style="color: #333;">i</span><span class="p">)</span> <span class="p">{</span></span>

</pre></td>

</tr>

<tr class="line_holder new" style="line-height: 1.6;">

<td class="old_line diff-line-num new" data-linenumber="1502" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: inherit;" align="right" bgcolor="#ddfbe6">

</td>

<td class="new_line diff-line-num new" data-linenumber="1401" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: inherit;" align="right" bgcolor="#ddfbe6">

1401

</td>

<td class="line_content new" style="padding: inherit;" bgcolor="#ecfdf0"><pre style='display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dbdbdb;'>+<span id="LC1401" class="line" lang="c">           <span class="k" style="font-weight: 600;">for</span> <span class="p">(</span><span class="n" style="color: #333;">j</span> <span class="o" style="font-weight: 600;">=</span> <span class="n" style="color: #333;">i</span> <span class="o" style="font-weight: 600;">+</span> <span class="mi" style="color: #099;">1</span><span class="p">;</span> <span class="n" style="color: #333;">j</span> <span class="o" style="font-weight: 600;"><</span> <span class="n" style="color: #333;">cert_list_size</span> <span class="o" style="font-weight: 600;">&&</span> <span class="n" style="color: #333;">cert_list_size</span> <span class="o" style="font-weight: 600;"><=</span> <span class="n" style="color: #333;">DEFAULT_MAX_VERIFY_DEPTH</span><span class="p">;</span> <span class="o" style="font-weight: 600;">++</span><span class="n" style="color: #333;">j</span><span class="p">)</span> <span class="p">{</span></span>

</pre></td>

</tr>

</table>

<div class="md" style="color: #303030; word-wrap: break-word;">

<p dir="auto" style="color: #303030; margin: 0 0 16px;" align="initial">On 2022-10-16 Daiki Ueno wrote:</p>

<blockquote dir="auto" style="font-size: inherit; color: #525252; box-shadow: inset 4px 0 0 0 #dbdbdb; border-left-color: #eaeaea; border-left-style: solid; margin: 0.5rem 0; padding: 0.5rem 0 0.5rem 1.5rem; border-width: 0 0 0 3px;" align="initial">

<p style="color: inherit; line-height: 1.5; margin: 0;">Can we fix the issue without removing the logic using <code style='font-size: 90%; color: #1f1f1f; word-wrap: break-word; background-color: #f0f0f0; border-radius: 4px; margin-top: 0; font-weight: inherit; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; white-space: pre-wrap; overflow-wrap: break-word; word-break: keep-all; padding: 2px 4px;'>cert_set</code>? The point of introducing <code style='font-size: 90%; color: #1f1f1f; word-wrap: break-word; background-color: #f0f0f0; border-radius: 4px; font-weight: inherit; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; white-space: pre-wrap; overflow-wrap: break-word; word-break: keep-all; padding: 2px 4px;'>cert_set</code> was to keep the algorithm being <code class="code math js-render-math" data-math-style="inline" style='font-size: 90%; color: #1f1f1f; word-wrap: break-word; background-color: #fff; border-radius: 4px; font-weight: inherit; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; white-space: pre-wrap; overflow-wrap: break-word; word-break: keep-all; -premailer-cellpadding: 0; -premailer-cellspacing: 0; -premailer-width: 100%; padding: 2px 4px;'>O(n)</code>, while this patch seems to make it <code class="code math js-render-math" data-math-style="inline" style='font-size: 90%; color: #1f1f1f; word-wrap: break-word; background-color: #fff; border-radius: 4px; font-weight: inherit; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; white-space: pre-wrap; overflow-wrap: break-word; word-break: keep-all; -premailer-cellpadding: 0; -premailer-cellspacing: 0; -premailer-width: 100%; padding: 2px 4px;'>O(n^2)</code> at the worst case, also assuming the original certificate chain is sorted.</p>

</blockquote>

<p dir="auto" style="color: #303030; margin: 0 0 16px;" align="initial">This hinges on <a href="/gnutls/gnutls/-/blob/master/lib/x509/verify-high.c#L1494" style="margin-top: 0;">verify-high.c line 1494</a></p>

<div class="gl-relative markdown-code-block js-markdown-code">

<pre class="code highlight js-syntax-highlight language-c" lang="c" v-pre="true" style="display: block; font-size: 13px; color: #303030; line-height: 1.6em; overflow-x: auto; border-radius: 4px; position: relative; font-family: monospace; word-break: break-all; word-wrap: break-word; background-color: #fff; -premailer-cellpadding: 0; -premailer-cellspacing: 0; -premailer-width: 100%; margin: 0 0 16px; padding: 12px; border: 1px solid #dbdbdb;"><code style='font-size: inherit; color: inherit; word-wrap: normal; word-break: keep-all; background-color: inherit; border-radius: 4px; white-space: pre; margin-top: 0; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; overflow-wrap: normal; padding: unset;'><span id="LC1" class="line" lang="c" style="margin-top: 0;"><span class="cm" style="margin-top: 0; color: #998; font-style: italic;">/* [...] Start with index 1, as the first element may be re-checked after issuer retrieval. */</span></span></code></pre>

<copy-code></copy-code>

</div>

<p dir="auto" style="color: #303030; margin: 0;" align="initial">The current code explicitly avoids taking the first item (in the context of the bug report this is the server certificate, but can it be something else, too?) into account but I do not understand the rationale <strong style="font-weight: bold; margin-top: 0;">at all</strong>. Does the first item change "after issuer retrieval"? And if not why should not we not remove copies further down in the chain? (The algorithm keeps the first instance and removes later ones.)

cu Andreas</p>

</div>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #666;">

—

<br>

Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/-/merge_requests/1653#note_1136984774">view it on GitLab</a>.

<br>

You're receiving this email because of your account on <a target="_blank" rel="noopener noreferrer" href="https://gitlab.com">gitlab.com</a>. <a href="https://gitlab.com/-/sent_notifications/0adfa1508fefc79368cdb908293cc29f/unsubscribe" target="_blank" rel="noopener noreferrer">Unsubscribe</a> from this thread · <a href="https://gitlab.com/-/profile/notifications" target="_blank" rel="noopener noreferrer" class="mng-notif-link">Manage all notifications</a> · <a href="https://gitlab.com/help" target="_blank" rel="noopener noreferrer" class="help-link">Help</a>

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Merge request","url":"https://gitlab.com/gnutls/gnutls/-/merge_requests/1653#note_1136984774"}}</script>

</p>

</div>

</body>

</html>