gnutls: Build the certificate chain recursively instead of using a loop
We are currently checking every certificate in the chain and also looking for an issuer in the database for the last certificate of the chain. Now build_certificate_chain is called recursively so that for all issuers that fail, we also try to find an issuer in the database, instead of just for the last one. Pinned certificates are now handled by the caller since they are done only once for the first certificate. This fixes the case of fbcdn-dragon-a.akamaihd.net for which all the certificates in the chain are not anchored, but we can find an issuer in the database for the second certificate that is anchored. https://bugzilla.gnome.org/show_bug.cgi?id=750457
parent
f03b51bc
Please register or sign in to comment