On Wed, Nov 12, 2008 at 12:15 PM, Simon Josefsson <[EMAIL PROTECTED]> wrote:
>> You mean just removing this code snippet instead of moving it?
>>
>>   /* Check if the last certificate in the path is self signed.
>>    * In that case ignore it (a certificate is trusted only if it
>>    * leads to a trusted party by us, not the server's).
>>    */
>>   if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1],
>>                                     certificate_list[clist_size - 1]) > 0
>>       && clist_size > 0)
>>     {
>>       clist_size--;
>>     }
>
> Yes.
>
>> Yes, this works. However, I wonder whether this code has any use.
> Getting Nikos' comment on this would be useful. I guess we have two
> choices:
>
> 1) Remove the code. Fixes both crash and vulnerability.

My suggestion is to remove the offending code.

regards,
Nikos