Commit 6e76e9b9 authored by Nikos Mavrogiannopoulos's avatar Nikos Mavrogiannopoulos Committed by Nikos Mavrogiannopoulos

on certificate import check whether the two signature algorithms match

parent 1f2bbe17
......@@ -186,7 +186,7 @@ gnutls_x509_crt_import(gnutls_x509_crt_t cert,
gnutls_x509_crt_fmt_t format)
{
int result = 0;
int version;
int version, s2;
if (cert == NULL) {
gnutls_assert();
......@@ -247,6 +247,23 @@ gnutls_x509_crt_import(gnutls_x509_crt_t cert,
goto cleanup;
}
result = _gnutls_x509_get_signature_algorithm(cert->cert,
"signatureAlgorithm.algorithm");
if (result < 0) {
gnutls_assert();
goto cleanup;
}
s2 = _gnutls_x509_get_signature_algorithm(cert->cert,
"tbsCertificate.signature.algorithm");
if (result != s2) {
_gnutls_debug_log("signatureAlgorithm.algorithm differs from tbsCertificate.signature.algorithm: %s, %s\n",
gnutls_sign_get_name(result), gnutls_sign_get_name(s2));
gnutls_assert();
result = GNUTLS_E_CERTIFICATE_ERROR;
goto cleanup;
}
result = _gnutls_x509_get_raw_field2(cert->cert, &cert->der,
"tbsCertificate.issuer.rdnSequence",
&cert->raw_issuer_dn);
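Review bot: The mismatch check in the second hunk compares only the values `_gnutls_x509_get_signature_algorithm` returns for the two `.algorithm` fields, so the AlgorithmIdentifier `parameters` are never compared and `s2` is never tested for an error before use. RFC 5280 requires the outer `signatureAlgorithm` and `tbsCertificate.signature` to be identical, so a comment such as `/* only the algorithm OIDs are compared here; parameters are not checked */` would keep readers from assuming a full match. If the helper maps unrecognised OIDs to one common value (it is not visible here, so this is an assumption), two different unknown OIDs would also compare as equal. In the mismatch branch `gnutls_sign_get_name()` can return NULL for a value it does not know, including a negative `s2`, and that NULL is passed to `%s`; adding `if (s2 < 0) { gnutls_assert(); result = s2; goto cleanup; }` before the comparison would avoid this and keep the real error code. The body of `gnutls_x509_crt_import` starts and ends outside the visible hunks.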
......