diff options
Diffstat (limited to 'src/daemon/https/x509/x509_verify.c')
| -rw-r--r-- | src/daemon/https/x509/x509_verify.c | 139 |
1 files changed, 75 insertions, 64 deletions
diff --git a/src/daemon/https/x509/x509_verify.c b/src/daemon/https/x509/x509_verify.c index c85aa52e..35513810 100644 --- a/src/daemon/https/x509/x509_verify.c +++ b/src/daemon/https/x509/x509_verify.c | |||
| @@ -42,20 +42,21 @@ | |||
| 42 | #include <verify.h> | 42 | #include <verify.h> |
| 43 | 43 | ||
| 44 | static int MHD__gnutls_verify_certificate2 (MHD_gnutls_x509_crt_t cert, | 44 | static int MHD__gnutls_verify_certificate2 (MHD_gnutls_x509_crt_t cert, |
| 45 | const MHD_gnutls_x509_crt_t * trusted_cas, | 45 | const MHD_gnutls_x509_crt_t * |
| 46 | int tcas_size, | 46 | trusted_cas, int tcas_size, |
| 47 | unsigned int flags, | 47 | unsigned int flags, |
| 48 | unsigned int *output); | 48 | unsigned int *output); |
| 49 | int MHD__gnutls_x509_verify_signature (const MHD_gnutls_datum_t * signed_data, | 49 | int MHD__gnutls_x509_verify_signature (const MHD_gnutls_datum_t * signed_data, |
| 50 | const MHD_gnutls_datum_t * signature, | 50 | const MHD_gnutls_datum_t * signature, |
| 51 | MHD_gnutls_x509_crt_t issuer); | 51 | MHD_gnutls_x509_crt_t issuer); |
| 52 | 52 | ||
| 53 | static | 53 | static |
| 54 | int is_crl_issuer (MHD_gnutls_x509_crl_t crl, MHD_gnutls_x509_crt_t issuer_cert); | 54 | int is_crl_issuer (MHD_gnutls_x509_crl_t crl, |
| 55 | MHD_gnutls_x509_crt_t issuer_cert); | ||
| 55 | static int MHD__gnutls_verify_crl2 (MHD_gnutls_x509_crl_t crl, | 56 | static int MHD__gnutls_verify_crl2 (MHD_gnutls_x509_crl_t crl, |
| 56 | const MHD_gnutls_x509_crt_t * trusted_cas, | 57 | const MHD_gnutls_x509_crt_t * trusted_cas, |
| 57 | int tcas_size, | 58 | int tcas_size, unsigned int flags, |
| 58 | unsigned int flags, unsigned int *output); | 59 | unsigned int *output); |
| 59 | 60 | ||
| 60 | /* Checks if the issuer of a certificate is a | 61 | /* Checks if the issuer of a certificate is a |
| 61 | * Certificate Authority, or if the certificate is the same | 62 | * Certificate Authority, or if the certificate is the same |
| @@ -88,7 +89,7 @@ check_if_ca (MHD_gnutls_x509_crt_t cert, | |||
| 88 | */ | 89 | */ |
| 89 | 90 | ||
| 90 | result = MHD__gnutls_x509_get_signed_data (issuer->cert, "tbsCertificate", | 91 | result = MHD__gnutls_x509_get_signed_data (issuer->cert, "tbsCertificate", |
| 91 | &issuer_signed_data); | 92 | &issuer_signed_data); |
| 92 | if (result < 0) | 93 | if (result < 0) |
| 93 | { | 94 | { |
| 94 | MHD_gnutls_assert (); | 95 | MHD_gnutls_assert (); |
| @@ -96,7 +97,7 @@ check_if_ca (MHD_gnutls_x509_crt_t cert, | |||
| 96 | } | 97 | } |
| 97 | 98 | ||
| 98 | result = MHD__gnutls_x509_get_signed_data (cert->cert, "tbsCertificate", | 99 | result = MHD__gnutls_x509_get_signed_data (cert->cert, "tbsCertificate", |
| 99 | &cert_signed_data); | 100 | &cert_signed_data); |
| 100 | if (result < 0) | 101 | if (result < 0) |
| 101 | { | 102 | { |
| 102 | MHD_gnutls_assert (); | 103 | MHD_gnutls_assert (); |
| @@ -104,7 +105,7 @@ check_if_ca (MHD_gnutls_x509_crt_t cert, | |||
| 104 | } | 105 | } |
| 105 | 106 | ||
| 106 | result = MHD__gnutls_x509_get_signature (issuer->cert, "signature", | 107 | result = MHD__gnutls_x509_get_signature (issuer->cert, "signature", |
| 107 | &issuer_signature); | 108 | &issuer_signature); |
| 108 | if (result < 0) | 109 | if (result < 0) |
| 109 | { | 110 | { |
| 110 | MHD_gnutls_assert (); | 111 | MHD_gnutls_assert (); |
| @@ -228,9 +229,9 @@ find_issuer (MHD_gnutls_x509_crt_t cert, | |||
| 228 | */ | 229 | */ |
| 229 | static int | 230 | static int |
| 230 | MHD__gnutls_verify_certificate2 (MHD_gnutls_x509_crt_t cert, | 231 | MHD__gnutls_verify_certificate2 (MHD_gnutls_x509_crt_t cert, |
| 231 | const MHD_gnutls_x509_crt_t * trusted_cas, | 232 | const MHD_gnutls_x509_crt_t * trusted_cas, |
| 232 | int tcas_size, | 233 | int tcas_size, |
| 233 | unsigned int flags, unsigned int *output) | 234 | unsigned int flags, unsigned int *output) |
| 234 | { | 235 | { |
| 235 | MHD_gnutls_datum_t cert_signed_data = { NULL, | 236 | MHD_gnutls_datum_t cert_signed_data = { NULL, |
| 236 | 0 | 237 | 0 |
| @@ -287,7 +288,7 @@ MHD__gnutls_verify_certificate2 (MHD_gnutls_x509_crt_t cert, | |||
| 287 | } | 288 | } |
| 288 | 289 | ||
| 289 | result = MHD__gnutls_x509_get_signed_data (cert->cert, "tbsCertificate", | 290 | result = MHD__gnutls_x509_get_signed_data (cert->cert, "tbsCertificate", |
| 290 | &cert_signed_data); | 291 | &cert_signed_data); |
| 291 | if (result < 0) | 292 | if (result < 0) |
| 292 | { | 293 | { |
| 293 | MHD_gnutls_assert (); | 294 | MHD_gnutls_assert (); |
| @@ -303,7 +304,7 @@ MHD__gnutls_verify_certificate2 (MHD_gnutls_x509_crt_t cert, | |||
| 303 | } | 304 | } |
| 304 | 305 | ||
| 305 | ret = MHD__gnutls_x509_verify_signature (&cert_signed_data, &cert_signature, | 306 | ret = MHD__gnutls_x509_verify_signature (&cert_signed_data, &cert_signature, |
| 306 | issuer); | 307 | issuer); |
| 307 | if (ret < 0) | 308 | if (ret < 0) |
| 308 | { | 309 | { |
| 309 | MHD_gnutls_assert (); | 310 | MHD_gnutls_assert (); |
| @@ -360,7 +361,7 @@ cleanup:MHD__gnutls_free_datum (&cert_signed_data); | |||
| 360 | **/ | 361 | **/ |
| 361 | int | 362 | int |
| 362 | MHD_gnutls_x509_crt_check_issuer (MHD_gnutls_x509_crt_t cert, | 363 | MHD_gnutls_x509_crt_check_issuer (MHD_gnutls_x509_crt_t cert, |
| 363 | MHD_gnutls_x509_crt_t issuer) | 364 | MHD_gnutls_x509_crt_t issuer) |
| 364 | { | 365 | { |
| 365 | return is_issuer (cert, issuer); | 366 | return is_issuer (cert, issuer); |
| 366 | } | 367 | } |
| @@ -377,12 +378,12 @@ MHD_gnutls_x509_crt_check_issuer (MHD_gnutls_x509_crt_t cert, | |||
| 377 | * lead to a trusted CA in order to be trusted. | 378 | * lead to a trusted CA in order to be trusted. |
| 378 | */ | 379 | */ |
| 379 | static unsigned int | 380 | static unsigned int |
| 380 | MHD__gnutls_x509_verify_certificate (const MHD_gnutls_x509_crt_t * certificate_list, | 381 | MHD__gnutls_x509_verify_certificate (const MHD_gnutls_x509_crt_t * |
| 381 | int clist_size, | 382 | certificate_list, int clist_size, |
| 382 | const MHD_gnutls_x509_crt_t * trusted_cas, | 383 | const MHD_gnutls_x509_crt_t * |
| 383 | int tcas_size, | 384 | trusted_cas, int tcas_size, |
| 384 | const MHD_gnutls_x509_crl_t * CRLs, | 385 | const MHD_gnutls_x509_crl_t * CRLs, |
| 385 | int crls_size, unsigned int flags) | 386 | int crls_size, unsigned int flags) |
| 386 | { | 387 | { |
| 387 | int i = 0, ret; | 388 | int i = 0, ret; |
| 388 | unsigned int status = 0, output; | 389 | unsigned int status = 0, output; |
| @@ -394,7 +395,8 @@ MHD__gnutls_x509_verify_certificate (const MHD_gnutls_x509_crt_t * certificate_l | |||
| 394 | * in self signed etc certificates. | 395 | * in self signed etc certificates. |
| 395 | */ | 396 | */ |
| 396 | ret = MHD__gnutls_verify_certificate2 (certificate_list[clist_size - 1], | 397 | ret = MHD__gnutls_verify_certificate2 (certificate_list[clist_size - 1], |
| 397 | trusted_cas, tcas_size, flags, &output); | 398 | trusted_cas, tcas_size, flags, |
| 399 | &output); | ||
| 398 | 400 | ||
| 399 | if (ret == 0) | 401 | if (ret == 0) |
| 400 | { | 402 | { |
| @@ -414,7 +416,7 @@ MHD__gnutls_x509_verify_certificate (const MHD_gnutls_x509_crt_t * certificate_l | |||
| 414 | for (i = 0; i < clist_size; i++) | 416 | for (i = 0; i < clist_size; i++) |
| 415 | { | 417 | { |
| 416 | ret = MHD_gnutls_x509_crt_check_revocation (certificate_list[i], | 418 | ret = MHD_gnutls_x509_crt_check_revocation (certificate_list[i], |
| 417 | CRLs, crls_size); | 419 | CRLs, crls_size); |
| 418 | if (ret == 1) | 420 | if (ret == 1) |
| 419 | { /* revoked */ | 421 | { /* revoked */ |
| 420 | status |= GNUTLS_CERT_REVOKED; | 422 | status |= GNUTLS_CERT_REVOKED; |
| @@ -429,7 +431,7 @@ MHD__gnutls_x509_verify_certificate (const MHD_gnutls_x509_crt_t * certificate_l | |||
| 429 | * leads to a trusted party by us, not the server's). | 431 | * leads to a trusted party by us, not the server's). |
| 430 | */ | 432 | */ |
| 431 | if (MHD_gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1], | 433 | if (MHD_gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1], |
| 432 | certificate_list[clist_size - 1]) > 0 | 434 | certificate_list[clist_size - 1]) > 0 |
| 433 | && clist_size > 0) | 435 | && clist_size > 0) |
| 434 | { | 436 | { |
| 435 | clist_size--; | 437 | clist_size--; |
| @@ -448,8 +450,8 @@ MHD__gnutls_x509_verify_certificate (const MHD_gnutls_x509_crt_t * certificate_l | |||
| 448 | if (!(flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT)) | 450 | if (!(flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT)) |
| 449 | flags ^= GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT; | 451 | flags ^= GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT; |
| 450 | if ((ret = MHD__gnutls_verify_certificate2 (certificate_list[i - 1], | 452 | if ((ret = MHD__gnutls_verify_certificate2 (certificate_list[i - 1], |
| 451 | &certificate_list[i], 1, flags, | 453 | &certificate_list[i], 1, |
| 452 | NULL)) == 0) | 454 | flags, NULL)) == 0) |
| 453 | { | 455 | { |
| 454 | status |= GNUTLS_CERT_INVALID; | 456 | status |= GNUTLS_CERT_INVALID; |
| 455 | return status; | 457 | return status; |
| @@ -474,8 +476,8 @@ decode_ber_digest_info (const MHD_gnutls_datum_t * info, | |||
| 474 | int len; | 476 | int len; |
| 475 | 477 | ||
| 476 | if ((result = MHD__asn1_create_element (MHD__gnutls_getMHD__gnutls_asn (), | 478 | if ((result = MHD__asn1_create_element (MHD__gnutls_getMHD__gnutls_asn (), |
| 477 | "GNUTLS.DigestInfo", | 479 | "GNUTLS.DigestInfo", |
| 478 | &dinfo)) != ASN1_SUCCESS) | 480 | &dinfo)) != ASN1_SUCCESS) |
| 479 | { | 481 | { |
| 480 | MHD_gnutls_assert (); | 482 | MHD_gnutls_assert (); |
| 481 | return MHD_gtls_asn2err (result); | 483 | return MHD_gtls_asn2err (result); |
| @@ -490,7 +492,8 @@ decode_ber_digest_info (const MHD_gnutls_datum_t * info, | |||
| 490 | } | 492 | } |
| 491 | 493 | ||
| 492 | len = sizeof (str) - 1; | 494 | len = sizeof (str) - 1; |
| 493 | result = MHD__asn1_read_value (dinfo, "digestAlgorithm.algorithm", str, &len); | 495 | result = |
| 496 | MHD__asn1_read_value (dinfo, "digestAlgorithm.algorithm", str, &len); | ||
| 494 | if (result != ASN1_SUCCESS) | 497 | if (result != ASN1_SUCCESS) |
| 495 | { | 498 | { |
| 496 | MHD_gnutls_assert (); | 499 | MHD_gnutls_assert (); |
| @@ -511,7 +514,8 @@ decode_ber_digest_info (const MHD_gnutls_datum_t * info, | |||
| 511 | } | 514 | } |
| 512 | 515 | ||
| 513 | len = sizeof (str) - 1; | 516 | len = sizeof (str) - 1; |
| 514 | result = MHD__asn1_read_value (dinfo, "digestAlgorithm.parameters", str, &len); | 517 | result = |
| 518 | MHD__asn1_read_value (dinfo, "digestAlgorithm.parameters", str, &len); | ||
| 515 | /* To avoid permitting garbage in the parameters field, either the | 519 | /* To avoid permitting garbage in the parameters field, either the |
| 516 | parameters field is not present, or it contains 0x05 0x00. */ | 520 | parameters field is not present, or it contains 0x05 0x00. */ |
| 517 | if (! | 521 | if (! |
| @@ -640,8 +644,8 @@ verify_sig (const MHD_gnutls_datum_t * tbs, | |||
| 640 | */ | 644 | */ |
| 641 | int | 645 | int |
| 642 | MHD__gnutls_x509_verify_signature (const MHD_gnutls_datum_t * tbs, | 646 | MHD__gnutls_x509_verify_signature (const MHD_gnutls_datum_t * tbs, |
| 643 | const MHD_gnutls_datum_t * signature, | 647 | const MHD_gnutls_datum_t * signature, |
| 644 | MHD_gnutls_x509_crt_t issuer) | 648 | MHD_gnutls_x509_crt_t issuer) |
| 645 | { | 649 | { |
| 646 | mpi_t issuer_params[MAX_PUBLIC_PARAMS_SIZE]; | 650 | mpi_t issuer_params[MAX_PUBLIC_PARAMS_SIZE]; |
| 647 | int ret, issuer_params_size, i; | 651 | int ret, issuer_params_size, i; |
| @@ -650,16 +654,18 @@ MHD__gnutls_x509_verify_signature (const MHD_gnutls_datum_t * tbs, | |||
| 650 | */ | 654 | */ |
| 651 | issuer_params_size = MAX_PUBLIC_PARAMS_SIZE; | 655 | issuer_params_size = MAX_PUBLIC_PARAMS_SIZE; |
| 652 | ret = | 656 | ret = |
| 653 | MHD__gnutls_x509_crt_get_mpis (issuer, issuer_params, &issuer_params_size); | 657 | MHD__gnutls_x509_crt_get_mpis (issuer, issuer_params, |
| 658 | &issuer_params_size); | ||
| 654 | if (ret < 0) | 659 | if (ret < 0) |
| 655 | { | 660 | { |
| 656 | MHD_gnutls_assert (); | 661 | MHD_gnutls_assert (); |
| 657 | return ret; | 662 | return ret; |
| 658 | } | 663 | } |
| 659 | 664 | ||
| 660 | ret = verify_sig (tbs, signature, MHD_gnutls_x509_crt_get_pk_algorithm (issuer, | 665 | ret = |
| 661 | NULL), | 666 | verify_sig (tbs, signature, |
| 662 | issuer_params, issuer_params_size); | 667 | MHD_gnutls_x509_crt_get_pk_algorithm (issuer, NULL), |
| 668 | issuer_params, issuer_params_size); | ||
| 663 | if (ret < 0) | 669 | if (ret < 0) |
| 664 | { | 670 | { |
| 665 | MHD_gnutls_assert (); | 671 | MHD_gnutls_assert (); |
| @@ -683,8 +689,9 @@ MHD__gnutls_x509_verify_signature (const MHD_gnutls_datum_t * tbs, | |||
| 683 | */ | 689 | */ |
| 684 | int | 690 | int |
| 685 | MHD__gnutls_x509_privkey_verify_signature (const MHD_gnutls_datum_t * tbs, | 691 | MHD__gnutls_x509_privkey_verify_signature (const MHD_gnutls_datum_t * tbs, |
| 686 | const MHD_gnutls_datum_t * signature, | 692 | const MHD_gnutls_datum_t * |
| 687 | MHD_gnutls_x509_privkey_t issuer) | 693 | signature, |
| 694 | MHD_gnutls_x509_privkey_t issuer) | ||
| 688 | { | 695 | { |
| 689 | int ret; | 696 | int ret; |
| 690 | 697 | ||
| @@ -734,12 +741,12 @@ MHD__gnutls_x509_privkey_verify_signature (const MHD_gnutls_datum_t * tbs, | |||
| 734 | **/ | 741 | **/ |
| 735 | int | 742 | int |
| 736 | MHD_gnutls_x509_crt_list_verify (const MHD_gnutls_x509_crt_t * cert_list, | 743 | MHD_gnutls_x509_crt_list_verify (const MHD_gnutls_x509_crt_t * cert_list, |
| 737 | int cert_list_length, | 744 | int cert_list_length, |
| 738 | const MHD_gnutls_x509_crt_t * CA_list, | 745 | const MHD_gnutls_x509_crt_t * CA_list, |
| 739 | int CA_list_length, | 746 | int CA_list_length, |
| 740 | const MHD_gnutls_x509_crl_t * CRL_list, | 747 | const MHD_gnutls_x509_crl_t * CRL_list, |
| 741 | int CRL_list_length, | 748 | int CRL_list_length, |
| 742 | unsigned int flags, unsigned int *verify) | 749 | unsigned int flags, unsigned int *verify) |
| 743 | { | 750 | { |
| 744 | if (cert_list == NULL || cert_list_length == 0) | 751 | if (cert_list == NULL || cert_list_length == 0) |
| 745 | return GNUTLS_E_NO_CERTIFICATE_FOUND; | 752 | return GNUTLS_E_NO_CERTIFICATE_FOUND; |
| @@ -747,9 +754,9 @@ MHD_gnutls_x509_crt_list_verify (const MHD_gnutls_x509_crt_t * cert_list, | |||
| 747 | /* Verify certificate | 754 | /* Verify certificate |
| 748 | */ | 755 | */ |
| 749 | *verify = MHD__gnutls_x509_verify_certificate (cert_list, cert_list_length, | 756 | *verify = MHD__gnutls_x509_verify_certificate (cert_list, cert_list_length, |
| 750 | CA_list, CA_list_length, | 757 | CA_list, CA_list_length, |
| 751 | CRL_list, CRL_list_length, | 758 | CRL_list, CRL_list_length, |
| 752 | flags); | 759 | flags); |
| 753 | 760 | ||
| 754 | return 0; | 761 | return 0; |
| 755 | } | 762 | } |
| @@ -770,15 +777,15 @@ MHD_gnutls_x509_crt_list_verify (const MHD_gnutls_x509_crt_t * cert_list, | |||
| 770 | **/ | 777 | **/ |
| 771 | int | 778 | int |
| 772 | MHD_gnutls_x509_crt_verify (MHD_gnutls_x509_crt_t cert, | 779 | MHD_gnutls_x509_crt_verify (MHD_gnutls_x509_crt_t cert, |
| 773 | const MHD_gnutls_x509_crt_t * CA_list, | 780 | const MHD_gnutls_x509_crt_t * CA_list, |
| 774 | int CA_list_length, | 781 | int CA_list_length, |
| 775 | unsigned int flags, unsigned int *verify) | 782 | unsigned int flags, unsigned int *verify) |
| 776 | { | 783 | { |
| 777 | int ret; | 784 | int ret; |
| 778 | /* Verify certificate | 785 | /* Verify certificate |
| 779 | */ | 786 | */ |
| 780 | ret = MHD__gnutls_verify_certificate2 (cert, CA_list, CA_list_length, flags, | 787 | ret = MHD__gnutls_verify_certificate2 (cert, CA_list, CA_list_length, flags, |
| 781 | verify); | 788 | verify); |
| 782 | if (ret < 0) | 789 | if (ret < 0) |
| 783 | { | 790 | { |
| 784 | MHD_gnutls_assert (); | 791 | MHD_gnutls_assert (); |
| @@ -804,7 +811,7 @@ MHD_gnutls_x509_crt_verify (MHD_gnutls_x509_crt_t cert, | |||
| 804 | **/ | 811 | **/ |
| 805 | int | 812 | int |
| 806 | MHD_gnutls_x509_crl_check_issuer (MHD_gnutls_x509_crl_t cert, | 813 | MHD_gnutls_x509_crl_check_issuer (MHD_gnutls_x509_crl_t cert, |
| 807 | MHD_gnutls_x509_crt_t issuer) | 814 | MHD_gnutls_x509_crt_t issuer) |
| 808 | { | 815 | { |
| 809 | return is_crl_issuer (cert, issuer); | 816 | return is_crl_issuer (cert, issuer); |
| 810 | } | 817 | } |
| @@ -826,9 +833,9 @@ MHD_gnutls_x509_crl_check_issuer (MHD_gnutls_x509_crl_t cert, | |||
| 826 | **/ | 833 | **/ |
| 827 | int | 834 | int |
| 828 | MHD_gnutls_x509_crl_verify (MHD_gnutls_x509_crl_t crl, | 835 | MHD_gnutls_x509_crl_verify (MHD_gnutls_x509_crl_t crl, |
| 829 | const MHD_gnutls_x509_crt_t * CA_list, | 836 | const MHD_gnutls_x509_crt_t * CA_list, |
| 830 | int CA_list_length, unsigned int flags, | 837 | int CA_list_length, unsigned int flags, |
| 831 | unsigned int *verify) | 838 | unsigned int *verify) |
| 832 | { | 839 | { |
| 833 | int ret; | 840 | int ret; |
| 834 | /* Verify crl | 841 | /* Verify crl |
| @@ -906,8 +913,9 @@ find_crl_issuer (MHD_gnutls_x509_crl_t crl, | |||
| 906 | */ | 913 | */ |
| 907 | static int | 914 | static int |
| 908 | MHD__gnutls_verify_crl2 (MHD_gnutls_x509_crl_t crl, | 915 | MHD__gnutls_verify_crl2 (MHD_gnutls_x509_crl_t crl, |
| 909 | const MHD_gnutls_x509_crt_t * trusted_cas, | 916 | const MHD_gnutls_x509_crt_t * trusted_cas, |
| 910 | int tcas_size, unsigned int flags, unsigned int *output) | 917 | int tcas_size, unsigned int flags, |
| 918 | unsigned int *output) | ||
| 911 | { | 919 | { |
| 912 | /* CRL is ignored for now */ | 920 | /* CRL is ignored for now */ |
| 913 | MHD_gnutls_datum_t crl_signed_data = { NULL, 0 }; | 921 | MHD_gnutls_datum_t crl_signed_data = { NULL, 0 }; |
| @@ -951,14 +959,16 @@ MHD__gnutls_verify_crl2 (MHD_gnutls_x509_crl_t crl, | |||
| 951 | } | 959 | } |
| 952 | 960 | ||
| 953 | result = | 961 | result = |
| 954 | MHD__gnutls_x509_get_signed_data (crl->crl, "tbsCertList", &crl_signed_data); | 962 | MHD__gnutls_x509_get_signed_data (crl->crl, "tbsCertList", |
| 963 | &crl_signed_data); | ||
| 955 | if (result < 0) | 964 | if (result < 0) |
| 956 | { | 965 | { |
| 957 | MHD_gnutls_assert (); | 966 | MHD_gnutls_assert (); |
| 958 | goto cleanup; | 967 | goto cleanup; |
| 959 | } | 968 | } |
| 960 | 969 | ||
| 961 | result = MHD__gnutls_x509_get_signature (crl->crl, "signature", &crl_signature); | 970 | result = |
| 971 | MHD__gnutls_x509_get_signature (crl->crl, "signature", &crl_signature); | ||
| 962 | if (result < 0) | 972 | if (result < 0) |
| 963 | { | 973 | { |
| 964 | MHD_gnutls_assert (); | 974 | MHD_gnutls_assert (); |
| @@ -966,7 +976,8 @@ MHD__gnutls_verify_crl2 (MHD_gnutls_x509_crl_t crl, | |||
| 966 | } | 976 | } |
| 967 | 977 | ||
| 968 | ret = | 978 | ret = |
| 969 | MHD__gnutls_x509_verify_signature (&crl_signed_data, &crl_signature, issuer); | 979 | MHD__gnutls_x509_verify_signature (&crl_signed_data, &crl_signature, |
| 980 | issuer); | ||
| 970 | if (ret < 0) | 981 | if (ret < 0) |
| 971 | { | 982 | { |
| 972 | MHD_gnutls_assert (); | 983 | MHD_gnutls_assert (); |