Bug 660508 – correctly handle self-signed anchor certificates

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 660508 - correctly handle self-signed anchor certificates


Summary:	correctly handle self-signed anchor certificates


Status:	RESOLVED FIXED

Product:	glib
Classification:	Platform
Component:	network
Version:	unspecified
Hardware:	Other All

Importance:	Normal normal
Target Milestone:	---
Assigned To:	gtkdev
QA Contact:	gtkdev

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2011-09-29 18:55 UTC by Dan Winship
Modified:	2011-09-29 19:11 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
gnutls: correctly handle self-signed anchor certificates (1.60 KB, patch) 2011-09-29 18:55 UTC, Dan Winship	none	Details \| Review
gnutls: correctly handle self-signed anchor certificates (2.69 KB, patch) 2011-09-29 19:03 UTC, Dan Winship	committed	Details \| Review

Description Dan Winship 2011-09-29 18:55:41 UTC

If a self-signed certificate is an anchor of the database, then it
should verify according to g_tls_database_verify_chain(); we were
accidentally reporting G_TLS_CERTIFICATE_UNKNOWN_CA in this case.

Comment 1 Dan Winship 2011-09-29 18:55:43 UTC

Created attachment 197797 [details] [review]
gnutls: correctly handle self-signed anchor certificates

Comment 2 Dan Winship 2011-09-29 19:03:21 UTC

Created attachment 197799 [details] [review]
gnutls: correctly handle self-signed anchor certificates

====

update to just rearrange the loop instead

Comment 3 Dan Winship 2011-09-29 19:11:21 UTC

committed after discussion on IRC