diff options
Diffstat (limited to 'meta/recipes-support/gnutls/gnutls/CVE-2014-1959-rejection-of-v1-intermediate-cert.patch')
-rw-r--r-- | meta/recipes-support/gnutls/gnutls/CVE-2014-1959-rejection-of-v1-intermediate-cert.patch | 33 |
1 files changed, 0 insertions, 33 deletions
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2014-1959-rejection-of-v1-intermediate-cert.patch b/meta/recipes-support/gnutls/gnutls/CVE-2014-1959-rejection-of-v1-intermediate-cert.patch deleted file mode 100644 index 6567257..0000000 --- a/meta/recipes-support/gnutls/gnutls/CVE-2014-1959-rejection-of-v1-intermediate-cert.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 467478d8ff08a3cb4be3034ff04c9d08a0ceba3e Mon Sep 17 00:00:00 2001 -From: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: Wed, 12 Feb 2014 16:41:33 +0100 -Subject: [PATCH 1/5] Fixed bug that prevented the rejection of v1 intermediate - CA certificates. - -Upstream-Status: Backport - -Signed-off-by: Karl Hiramoto <karl@hiramoto.org> - ---- - lib/x509/verify.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/lib/x509/verify.c b/lib/x509/verify.c -index 2efcebf..c9a6b0d 100644 ---- a/lib/x509/verify.c -+++ b/lib/x509/verify.c -@@ -645,7 +645,10 @@ _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list, - * certificates can exist in a supplied chain. - */ - if (!(flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT)) -- flags &= ~(GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT); -+ { -+ flags &= ~(GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT); -+ flags |= GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT; -+ } - if ((ret = - _gnutls_verify_certificate2 (certificate_list[i - 1], - &certificate_list[i], 1, flags, --- -1.8.3.2 - |