diff options
Diffstat (limited to 'src/daemon/https/x509/x509_verify.c')
-rw-r--r-- | src/daemon/https/x509/x509_verify.c | 139 |
1 files changed, 75 insertions, 64 deletions
diff --git a/src/daemon/https/x509/x509_verify.c b/src/daemon/https/x509/x509_verify.c index c85aa52e..35513810 100644 --- a/src/daemon/https/x509/x509_verify.c +++ b/src/daemon/https/x509/x509_verify.c | |||
@@ -42,20 +42,21 @@ | |||
42 | #include <verify.h> | 42 | #include <verify.h> |
43 | 43 | ||
44 | static int MHD__gnutls_verify_certificate2 (MHD_gnutls_x509_crt_t cert, | 44 | static int MHD__gnutls_verify_certificate2 (MHD_gnutls_x509_crt_t cert, |
45 | const MHD_gnutls_x509_crt_t * trusted_cas, | 45 | const MHD_gnutls_x509_crt_t * |
46 | int tcas_size, | 46 | trusted_cas, int tcas_size, |
47 | unsigned int flags, | 47 | unsigned int flags, |
48 | unsigned int *output); | 48 | unsigned int *output); |
49 | int MHD__gnutls_x509_verify_signature (const MHD_gnutls_datum_t * signed_data, | 49 | int MHD__gnutls_x509_verify_signature (const MHD_gnutls_datum_t * signed_data, |
50 | const MHD_gnutls_datum_t * signature, | 50 | const MHD_gnutls_datum_t * signature, |
51 | MHD_gnutls_x509_crt_t issuer); | 51 | MHD_gnutls_x509_crt_t issuer); |
52 | 52 | ||
53 | static | 53 | static |
54 | int is_crl_issuer (MHD_gnutls_x509_crl_t crl, MHD_gnutls_x509_crt_t issuer_cert); | 54 | int is_crl_issuer (MHD_gnutls_x509_crl_t crl, |
55 | MHD_gnutls_x509_crt_t issuer_cert); | ||
55 | static int MHD__gnutls_verify_crl2 (MHD_gnutls_x509_crl_t crl, | 56 | static int MHD__gnutls_verify_crl2 (MHD_gnutls_x509_crl_t crl, |
56 | const MHD_gnutls_x509_crt_t * trusted_cas, | 57 | const MHD_gnutls_x509_crt_t * trusted_cas, |
57 | int tcas_size, | 58 | int tcas_size, unsigned int flags, |
58 | unsigned int flags, unsigned int *output); | 59 | unsigned int *output); |
59 | 60 | ||
60 | /* Checks if the issuer of a certificate is a | 61 | /* Checks if the issuer of a certificate is a |
61 | * Certificate Authority, or if the certificate is the same | 62 | * Certificate Authority, or if the certificate is the same |
@@ -88,7 +89,7 @@ check_if_ca (MHD_gnutls_x509_crt_t cert, | |||
88 | */ | 89 | */ |
89 | 90 | ||
90 | result = MHD__gnutls_x509_get_signed_data (issuer->cert, "tbsCertificate", | 91 | result = MHD__gnutls_x509_get_signed_data (issuer->cert, "tbsCertificate", |
91 | &issuer_signed_data); | 92 | &issuer_signed_data); |
92 | if (result < 0) | 93 | if (result < 0) |
93 | { | 94 | { |
94 | MHD_gnutls_assert (); | 95 | MHD_gnutls_assert (); |
@@ -96,7 +97,7 @@ check_if_ca (MHD_gnutls_x509_crt_t cert, | |||
96 | } | 97 | } |
97 | 98 | ||
98 | result = MHD__gnutls_x509_get_signed_data (cert->cert, "tbsCertificate", | 99 | result = MHD__gnutls_x509_get_signed_data (cert->cert, "tbsCertificate", |
99 | &cert_signed_data); | 100 | &cert_signed_data); |
100 | if (result < 0) | 101 | if (result < 0) |
101 | { | 102 | { |
102 | MHD_gnutls_assert (); | 103 | MHD_gnutls_assert (); |
@@ -104,7 +105,7 @@ check_if_ca (MHD_gnutls_x509_crt_t cert, | |||
104 | } | 105 | } |
105 | 106 | ||
106 | result = MHD__gnutls_x509_get_signature (issuer->cert, "signature", | 107 | result = MHD__gnutls_x509_get_signature (issuer->cert, "signature", |
107 | &issuer_signature); | 108 | &issuer_signature); |
108 | if (result < 0) | 109 | if (result < 0) |
109 | { | 110 | { |
110 | MHD_gnutls_assert (); | 111 | MHD_gnutls_assert (); |
@@ -228,9 +229,9 @@ find_issuer (MHD_gnutls_x509_crt_t cert, | |||
228 | */ | 229 | */ |
229 | static int | 230 | static int |
230 | MHD__gnutls_verify_certificate2 (MHD_gnutls_x509_crt_t cert, | 231 | MHD__gnutls_verify_certificate2 (MHD_gnutls_x509_crt_t cert, |
231 | const MHD_gnutls_x509_crt_t * trusted_cas, | 232 | const MHD_gnutls_x509_crt_t * trusted_cas, |
232 | int tcas_size, | 233 | int tcas_size, |
233 | unsigned int flags, unsigned int *output) | 234 | unsigned int flags, unsigned int *output) |
234 | { | 235 | { |
235 | MHD_gnutls_datum_t cert_signed_data = { NULL, | 236 | MHD_gnutls_datum_t cert_signed_data = { NULL, |
236 | 0 | 237 | 0 |
@@ -287,7 +288,7 @@ MHD__gnutls_verify_certificate2 (MHD_gnutls_x509_crt_t cert, | |||
287 | } | 288 | } |
288 | 289 | ||
289 | result = MHD__gnutls_x509_get_signed_data (cert->cert, "tbsCertificate", | 290 | result = MHD__gnutls_x509_get_signed_data (cert->cert, "tbsCertificate", |
290 | &cert_signed_data); | 291 | &cert_signed_data); |
291 | if (result < 0) | 292 | if (result < 0) |
292 | { | 293 | { |
293 | MHD_gnutls_assert (); | 294 | MHD_gnutls_assert (); |
@@ -303,7 +304,7 @@ MHD__gnutls_verify_certificate2 (MHD_gnutls_x509_crt_t cert, | |||
303 | } | 304 | } |
304 | 305 | ||
305 | ret = MHD__gnutls_x509_verify_signature (&cert_signed_data, &cert_signature, | 306 | ret = MHD__gnutls_x509_verify_signature (&cert_signed_data, &cert_signature, |
306 | issuer); | 307 | issuer); |
307 | if (ret < 0) | 308 | if (ret < 0) |
308 | { | 309 | { |
309 | MHD_gnutls_assert (); | 310 | MHD_gnutls_assert (); |
@@ -360,7 +361,7 @@ cleanup:MHD__gnutls_free_datum (&cert_signed_data); | |||
360 | **/ | 361 | **/ |
361 | int | 362 | int |
362 | MHD_gnutls_x509_crt_check_issuer (MHD_gnutls_x509_crt_t cert, | 363 | MHD_gnutls_x509_crt_check_issuer (MHD_gnutls_x509_crt_t cert, |
363 | MHD_gnutls_x509_crt_t issuer) | 364 | MHD_gnutls_x509_crt_t issuer) |
364 | { | 365 | { |
365 | return is_issuer (cert, issuer); | 366 | return is_issuer (cert, issuer); |
366 | } | 367 | } |
@@ -377,12 +378,12 @@ MHD_gnutls_x509_crt_check_issuer (MHD_gnutls_x509_crt_t cert, | |||
377 | * lead to a trusted CA in order to be trusted. | 378 | * lead to a trusted CA in order to be trusted. |
378 | */ | 379 | */ |
379 | static unsigned int | 380 | static unsigned int |
380 | MHD__gnutls_x509_verify_certificate (const MHD_gnutls_x509_crt_t * certificate_list, | 381 | MHD__gnutls_x509_verify_certificate (const MHD_gnutls_x509_crt_t * |
381 | int clist_size, | 382 | certificate_list, int clist_size, |
382 | const MHD_gnutls_x509_crt_t * trusted_cas, | 383 | const MHD_gnutls_x509_crt_t * |
383 | int tcas_size, | 384 | trusted_cas, int tcas_size, |
384 | const MHD_gnutls_x509_crl_t * CRLs, | 385 | const MHD_gnutls_x509_crl_t * CRLs, |
385 | int crls_size, unsigned int flags) | 386 | int crls_size, unsigned int flags) |
386 | { | 387 | { |
387 | int i = 0, ret; | 388 | int i = 0, ret; |
388 | unsigned int status = 0, output; | 389 | unsigned int status = 0, output; |
@@ -394,7 +395,8 @@ MHD__gnutls_x509_verify_certificate (const MHD_gnutls_x509_crt_t * certificate_l | |||
394 | * in self signed etc certificates. | 395 | * in self signed etc certificates. |
395 | */ | 396 | */ |
396 | ret = MHD__gnutls_verify_certificate2 (certificate_list[clist_size - 1], | 397 | ret = MHD__gnutls_verify_certificate2 (certificate_list[clist_size - 1], |
397 | trusted_cas, tcas_size, flags, &output); | 398 | trusted_cas, tcas_size, flags, |
399 | &output); | ||
398 | 400 | ||
399 | if (ret == 0) | 401 | if (ret == 0) |
400 | { | 402 | { |
@@ -414,7 +416,7 @@ MHD__gnutls_x509_verify_certificate (const MHD_gnutls_x509_crt_t * certificate_l | |||
414 | for (i = 0; i < clist_size; i++) | 416 | for (i = 0; i < clist_size; i++) |
415 | { | 417 | { |
416 | ret = MHD_gnutls_x509_crt_check_revocation (certificate_list[i], | 418 | ret = MHD_gnutls_x509_crt_check_revocation (certificate_list[i], |
417 | CRLs, crls_size); | 419 | CRLs, crls_size); |
418 | if (ret == 1) | 420 | if (ret == 1) |
419 | { /* revoked */ | 421 | { /* revoked */ |
420 | status |= GNUTLS_CERT_REVOKED; | 422 | status |= GNUTLS_CERT_REVOKED; |
@@ -429,7 +431,7 @@ MHD__gnutls_x509_verify_certificate (const MHD_gnutls_x509_crt_t * certificate_l | |||
429 | * leads to a trusted party by us, not the server's). | 431 | * leads to a trusted party by us, not the server's). |
430 | */ | 432 | */ |
431 | if (MHD_gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1], | 433 | if (MHD_gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1], |
432 | certificate_list[clist_size - 1]) > 0 | 434 | certificate_list[clist_size - 1]) > 0 |
433 | && clist_size > 0) | 435 | && clist_size > 0) |
434 | { | 436 | { |
435 | clist_size--; | 437 | clist_size--; |
@@ -448,8 +450,8 @@ MHD__gnutls_x509_verify_certificate (const MHD_gnutls_x509_crt_t * certificate_l | |||
448 | if (!(flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT)) | 450 | if (!(flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT)) |
449 | flags ^= GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT; | 451 | flags ^= GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT; |
450 | if ((ret = MHD__gnutls_verify_certificate2 (certificate_list[i - 1], | 452 | if ((ret = MHD__gnutls_verify_certificate2 (certificate_list[i - 1], |
451 | &certificate_list[i], 1, flags, | 453 | &certificate_list[i], 1, |
452 | NULL)) == 0) | 454 | flags, NULL)) == 0) |
453 | { | 455 | { |
454 | status |= GNUTLS_CERT_INVALID; | 456 | status |= GNUTLS_CERT_INVALID; |
455 | return status; | 457 | return status; |
@@ -474,8 +476,8 @@ decode_ber_digest_info (const MHD_gnutls_datum_t * info, | |||
474 | int len; | 476 | int len; |
475 | 477 | ||
476 | if ((result = MHD__asn1_create_element (MHD__gnutls_getMHD__gnutls_asn (), | 478 | if ((result = MHD__asn1_create_element (MHD__gnutls_getMHD__gnutls_asn (), |
477 | "GNUTLS.DigestInfo", | 479 | "GNUTLS.DigestInfo", |
478 | &dinfo)) != ASN1_SUCCESS) | 480 | &dinfo)) != ASN1_SUCCESS) |
479 | { | 481 | { |
480 | MHD_gnutls_assert (); | 482 | MHD_gnutls_assert (); |
481 | return MHD_gtls_asn2err (result); | 483 | return MHD_gtls_asn2err (result); |
@@ -490,7 +492,8 @@ decode_ber_digest_info (const MHD_gnutls_datum_t * info, | |||
490 | } | 492 | } |
491 | 493 | ||
492 | len = sizeof (str) - 1; | 494 | len = sizeof (str) - 1; |
493 | result = MHD__asn1_read_value (dinfo, "digestAlgorithm.algorithm", str, &len); | 495 | result = |
496 | MHD__asn1_read_value (dinfo, "digestAlgorithm.algorithm", str, &len); | ||
494 | if (result != ASN1_SUCCESS) | 497 | if (result != ASN1_SUCCESS) |
495 | { | 498 | { |
496 | MHD_gnutls_assert (); | 499 | MHD_gnutls_assert (); |
@@ -511,7 +514,8 @@ decode_ber_digest_info (const MHD_gnutls_datum_t * info, | |||
511 | } | 514 | } |
512 | 515 | ||
513 | len = sizeof (str) - 1; | 516 | len = sizeof (str) - 1; |
514 | result = MHD__asn1_read_value (dinfo, "digestAlgorithm.parameters", str, &len); | 517 | result = |
518 | MHD__asn1_read_value (dinfo, "digestAlgorithm.parameters", str, &len); | ||
515 | /* To avoid permitting garbage in the parameters field, either the | 519 | /* To avoid permitting garbage in the parameters field, either the |
516 | parameters field is not present, or it contains 0x05 0x00. */ | 520 | parameters field is not present, or it contains 0x05 0x00. */ |
517 | if (! | 521 | if (! |
@@ -640,8 +644,8 @@ verify_sig (const MHD_gnutls_datum_t * tbs, | |||
640 | */ | 644 | */ |
641 | int | 645 | int |
642 | MHD__gnutls_x509_verify_signature (const MHD_gnutls_datum_t * tbs, | 646 | MHD__gnutls_x509_verify_signature (const MHD_gnutls_datum_t * tbs, |
643 | const MHD_gnutls_datum_t * signature, | 647 | const MHD_gnutls_datum_t * signature, |
644 | MHD_gnutls_x509_crt_t issuer) | 648 | MHD_gnutls_x509_crt_t issuer) |
645 | { | 649 | { |
646 | mpi_t issuer_params[MAX_PUBLIC_PARAMS_SIZE]; | 650 | mpi_t issuer_params[MAX_PUBLIC_PARAMS_SIZE]; |
647 | int ret, issuer_params_size, i; | 651 | int ret, issuer_params_size, i; |
@@ -650,16 +654,18 @@ MHD__gnutls_x509_verify_signature (const MHD_gnutls_datum_t * tbs, | |||
650 | */ | 654 | */ |
651 | issuer_params_size = MAX_PUBLIC_PARAMS_SIZE; | 655 | issuer_params_size = MAX_PUBLIC_PARAMS_SIZE; |
652 | ret = | 656 | ret = |
653 | MHD__gnutls_x509_crt_get_mpis (issuer, issuer_params, &issuer_params_size); | 657 | MHD__gnutls_x509_crt_get_mpis (issuer, issuer_params, |
658 | &issuer_params_size); | ||
654 | if (ret < 0) | 659 | if (ret < 0) |
655 | { | 660 | { |
656 | MHD_gnutls_assert (); | 661 | MHD_gnutls_assert (); |
657 | return ret; | 662 | return ret; |
658 | } | 663 | } |
659 | 664 | ||
660 | ret = verify_sig (tbs, signature, MHD_gnutls_x509_crt_get_pk_algorithm (issuer, | 665 | ret = |
661 | NULL), | 666 | verify_sig (tbs, signature, |
662 | issuer_params, issuer_params_size); | 667 | MHD_gnutls_x509_crt_get_pk_algorithm (issuer, NULL), |
668 | issuer_params, issuer_params_size); | ||
663 | if (ret < 0) | 669 | if (ret < 0) |
664 | { | 670 | { |
665 | MHD_gnutls_assert (); | 671 | MHD_gnutls_assert (); |
@@ -683,8 +689,9 @@ MHD__gnutls_x509_verify_signature (const MHD_gnutls_datum_t * tbs, | |||
683 | */ | 689 | */ |
684 | int | 690 | int |
685 | MHD__gnutls_x509_privkey_verify_signature (const MHD_gnutls_datum_t * tbs, | 691 | MHD__gnutls_x509_privkey_verify_signature (const MHD_gnutls_datum_t * tbs, |
686 | const MHD_gnutls_datum_t * signature, | 692 | const MHD_gnutls_datum_t * |
687 | MHD_gnutls_x509_privkey_t issuer) | 693 | signature, |
694 | MHD_gnutls_x509_privkey_t issuer) | ||
688 | { | 695 | { |
689 | int ret; | 696 | int ret; |
690 | 697 | ||
@@ -734,12 +741,12 @@ MHD__gnutls_x509_privkey_verify_signature (const MHD_gnutls_datum_t * tbs, | |||
734 | **/ | 741 | **/ |
735 | int | 742 | int |
736 | MHD_gnutls_x509_crt_list_verify (const MHD_gnutls_x509_crt_t * cert_list, | 743 | MHD_gnutls_x509_crt_list_verify (const MHD_gnutls_x509_crt_t * cert_list, |
737 | int cert_list_length, | 744 | int cert_list_length, |
738 | const MHD_gnutls_x509_crt_t * CA_list, | 745 | const MHD_gnutls_x509_crt_t * CA_list, |
739 | int CA_list_length, | 746 | int CA_list_length, |
740 | const MHD_gnutls_x509_crl_t * CRL_list, | 747 | const MHD_gnutls_x509_crl_t * CRL_list, |
741 | int CRL_list_length, | 748 | int CRL_list_length, |
742 | unsigned int flags, unsigned int *verify) | 749 | unsigned int flags, unsigned int *verify) |
743 | { | 750 | { |
744 | if (cert_list == NULL || cert_list_length == 0) | 751 | if (cert_list == NULL || cert_list_length == 0) |
745 | return GNUTLS_E_NO_CERTIFICATE_FOUND; | 752 | return GNUTLS_E_NO_CERTIFICATE_FOUND; |
@@ -747,9 +754,9 @@ MHD_gnutls_x509_crt_list_verify (const MHD_gnutls_x509_crt_t * cert_list, | |||
747 | /* Verify certificate | 754 | /* Verify certificate |
748 | */ | 755 | */ |
749 | *verify = MHD__gnutls_x509_verify_certificate (cert_list, cert_list_length, | 756 | *verify = MHD__gnutls_x509_verify_certificate (cert_list, cert_list_length, |
750 | CA_list, CA_list_length, | 757 | CA_list, CA_list_length, |
751 | CRL_list, CRL_list_length, | 758 | CRL_list, CRL_list_length, |
752 | flags); | 759 | flags); |
753 | 760 | ||
754 | return 0; | 761 | return 0; |
755 | } | 762 | } |
@@ -770,15 +777,15 @@ MHD_gnutls_x509_crt_list_verify (const MHD_gnutls_x509_crt_t * cert_list, | |||
770 | **/ | 777 | **/ |
771 | int | 778 | int |
772 | MHD_gnutls_x509_crt_verify (MHD_gnutls_x509_crt_t cert, | 779 | MHD_gnutls_x509_crt_verify (MHD_gnutls_x509_crt_t cert, |
773 | const MHD_gnutls_x509_crt_t * CA_list, | 780 | const MHD_gnutls_x509_crt_t * CA_list, |
774 | int CA_list_length, | 781 | int CA_list_length, |
775 | unsigned int flags, unsigned int *verify) | 782 | unsigned int flags, unsigned int *verify) |
776 | { | 783 | { |
777 | int ret; | 784 | int ret; |
778 | /* Verify certificate | 785 | /* Verify certificate |
779 | */ | 786 | */ |
780 | ret = MHD__gnutls_verify_certificate2 (cert, CA_list, CA_list_length, flags, | 787 | ret = MHD__gnutls_verify_certificate2 (cert, CA_list, CA_list_length, flags, |
781 | verify); | 788 | verify); |
782 | if (ret < 0) | 789 | if (ret < 0) |
783 | { | 790 | { |
784 | MHD_gnutls_assert (); | 791 | MHD_gnutls_assert (); |
@@ -804,7 +811,7 @@ MHD_gnutls_x509_crt_verify (MHD_gnutls_x509_crt_t cert, | |||
804 | **/ | 811 | **/ |
805 | int | 812 | int |
806 | MHD_gnutls_x509_crl_check_issuer (MHD_gnutls_x509_crl_t cert, | 813 | MHD_gnutls_x509_crl_check_issuer (MHD_gnutls_x509_crl_t cert, |
807 | MHD_gnutls_x509_crt_t issuer) | 814 | MHD_gnutls_x509_crt_t issuer) |
808 | { | 815 | { |
809 | return is_crl_issuer (cert, issuer); | 816 | return is_crl_issuer (cert, issuer); |
810 | } | 817 | } |
@@ -826,9 +833,9 @@ MHD_gnutls_x509_crl_check_issuer (MHD_gnutls_x509_crl_t cert, | |||
826 | **/ | 833 | **/ |
827 | int | 834 | int |
828 | MHD_gnutls_x509_crl_verify (MHD_gnutls_x509_crl_t crl, | 835 | MHD_gnutls_x509_crl_verify (MHD_gnutls_x509_crl_t crl, |
829 | const MHD_gnutls_x509_crt_t * CA_list, | 836 | const MHD_gnutls_x509_crt_t * CA_list, |
830 | int CA_list_length, unsigned int flags, | 837 | int CA_list_length, unsigned int flags, |
831 | unsigned int *verify) | 838 | unsigned int *verify) |
832 | { | 839 | { |
833 | int ret; | 840 | int ret; |
834 | /* Verify crl | 841 | /* Verify crl |
@@ -906,8 +913,9 @@ find_crl_issuer (MHD_gnutls_x509_crl_t crl, | |||
906 | */ | 913 | */ |
907 | static int | 914 | static int |
908 | MHD__gnutls_verify_crl2 (MHD_gnutls_x509_crl_t crl, | 915 | MHD__gnutls_verify_crl2 (MHD_gnutls_x509_crl_t crl, |
909 | const MHD_gnutls_x509_crt_t * trusted_cas, | 916 | const MHD_gnutls_x509_crt_t * trusted_cas, |
910 | int tcas_size, unsigned int flags, unsigned int *output) | 917 | int tcas_size, unsigned int flags, |
918 | unsigned int *output) | ||
911 | { | 919 | { |
912 | /* CRL is ignored for now */ | 920 | /* CRL is ignored for now */ |
913 | MHD_gnutls_datum_t crl_signed_data = { NULL, 0 }; | 921 | MHD_gnutls_datum_t crl_signed_data = { NULL, 0 }; |
@@ -951,14 +959,16 @@ MHD__gnutls_verify_crl2 (MHD_gnutls_x509_crl_t crl, | |||
951 | } | 959 | } |
952 | 960 | ||
953 | result = | 961 | result = |
954 | MHD__gnutls_x509_get_signed_data (crl->crl, "tbsCertList", &crl_signed_data); | 962 | MHD__gnutls_x509_get_signed_data (crl->crl, "tbsCertList", |
963 | &crl_signed_data); | ||
955 | if (result < 0) | 964 | if (result < 0) |
956 | { | 965 | { |
957 | MHD_gnutls_assert (); | 966 | MHD_gnutls_assert (); |
958 | goto cleanup; | 967 | goto cleanup; |
959 | } | 968 | } |
960 | 969 | ||
961 | result = MHD__gnutls_x509_get_signature (crl->crl, "signature", &crl_signature); | 970 | result = |
971 | MHD__gnutls_x509_get_signature (crl->crl, "signature", &crl_signature); | ||
962 | if (result < 0) | 972 | if (result < 0) |
963 | { | 973 | { |
964 | MHD_gnutls_assert (); | 974 | MHD_gnutls_assert (); |
@@ -966,7 +976,8 @@ MHD__gnutls_verify_crl2 (MHD_gnutls_x509_crl_t crl, | |||
966 | } | 976 | } |
967 | 977 | ||
968 | ret = | 978 | ret = |
969 | MHD__gnutls_x509_verify_signature (&crl_signed_data, &crl_signature, issuer); | 979 | MHD__gnutls_x509_verify_signature (&crl_signed_data, &crl_signature, |
980 | issuer); | ||
970 | if (ret < 0) | 981 | if (ret < 0) |
971 | { | 982 | { |
972 | MHD_gnutls_assert (); | 983 | MHD_gnutls_assert (); |