From 7db4dbf03b21e382622d452afda5e28db31d0185 Mon Sep 17 00:00:00 2001
From: Carlos Garcia Campos
Date: Thu, 21 Apr 2016 12:28:05 +0200
Subject: [PATCH] gnutls: Prevent cycles when building the certificate chain

Explicitly check self-signed certificates and leave a NULL issuer in that case.

https://bugzilla.gnome.org/show_bug.cgi?id=765317
---
 tls/gnutls/gtlscertificate-gnutls.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/tls/gnutls/gtlscertificate-gnutls.c b/tls/gnutls/gtlscertificate-gnutls.c
index 4ff996c..8dd0544 100644
--- a/tls/gnutls/gtlscertificate-gnutls.c
+++ b/tls/gnutls/gtlscertificate-gnutls.c
@@ -722,6 +722,10 @@ g_tls_certificate_gnutls_build_chain (const gnutls_datum_t *certs,
 {
 issuer = NULL;
 
+ /* Check if the cert issued itself */
+ if (gnutls_x509_crt_check_issuer (gnutls_certs[i], gnutls_certs[i]))
+ continue;
+
 if (i < num_certs - 1 &&
 gnutls_x509_crt_check_issuer (gnutls_certs[i], gnutls_certs[i + 1]))
 {
-- 
2.5.5
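Review bot: The added self-issuer test in g_tls_certificate_gnutls_build_chain removes only the one-certificate loop. The subject's "prevent cycles" therefore holds only if the rest of the loop body, which continues outside this hunk, cannot link two different certificates to each other. The certificate list is normally supplied by the peer, and two entries that each pass gnutls_x509_crt_check_issuer against the other would presumably still be linked by the `gnutls_certs[i + 1]` check that follows. Any code that walks the issuer links should stay bounded by `num_certs`, or the link step should refuse an issuer that already leads back to `chain[i]`. It would also help to state the intent in the comment, for example `/* Self-issued cert: leave issuer NULL so issuer walks terminate; trust is decided later at verification */`.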