Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/net-libs/gnutls/files/gnutls-2.12.23-CVE-2014-1959.patch
blob: 28989c97ceb7d0cf3ef945959896e909f7fcbadb (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14

--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -692,8 +693,10 @@
       /* note that here we disable this V1 CA flag. So that no version 1
        * certificates can exist in a supplied chain.
        */
-      if (!(flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT))
+      if (!(flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT)) {
         flags &= ~(GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
+        flags |= GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT;
+      }
       if ((ret =
            _gnutls_verify_certificate2(certificate_list[i - 1],
                &certificate_list[i], 1,