...
|
...
|
@@ -840,6 +840,9 @@ static int asn1_parse_mscat(fmap_t *map, size_t offset, unsigned int size, crtmg
|
840
|
840
|
x509 = newcerts.crts;
|
841
|
841
|
cli_dbgmsg("asn1_parse_mscat: %u new certificates collected\n", newcerts.items);
|
842
|
842
|
while(x509) {
|
|
843
|
+ cli_crt *parent = crtmgr_verify_crt(cmgr, x509);
|
|
844
|
+
|
|
845
|
+ /* Dump the cert if requested before anything happens to it */
|
843
|
846
|
if (engine->dconf->pe & PE_CONF_DUMPCERT) {
|
844
|
847
|
char issuer[SHA1_HASH_SIZE*2+1], subject[SHA1_HASH_SIZE*2+1], serial[SHA1_HASH_SIZE*2+1];
|
845
|
848
|
char mod[1024], exp[1024];
|
...
|
...
|
@@ -855,7 +858,7 @@ static int asn1_parse_mscat(fmap_t *map, size_t offset, unsigned int size, crtmg
|
855
|
855
|
|
856
|
856
|
cli_dbgmsg_internal("cert subject:%s serial:%s pubkey:%s i:%s %lu->%lu %s %s %s\n", subject, serial, mod, issuer, (unsigned long)x509->not_before, (unsigned long)x509->not_after, x509->certSign ? "cert" : "", x509->codeSign ? "code" : "", x509->timeSign ? "time" : "");
|
857
|
857
|
}
|
858
|
|
- cli_crt *parent = crtmgr_verify_crt(cmgr, x509);
|
|
858
|
+
|
859
|
859
|
if(parent) {
|
860
|
860
|
if (parent->isBlacklisted)
|
861
|
861
|
isBlacklisted = 1;
|