Diffstat (limited to 'src/gmcerts.c')
-rw-r--r--src/gmcerts.c8
1 files changed, 3 insertions, 5 deletions
diff --git a/src/gmcerts.c b/src/gmcerts.c
index 9073f2e7..36fd7d55 100644
--- a/src/gmcerts.c
+++ b/src/gmcerts.c
@@ -457,10 +457,8 @@ iBool checkTrust_GmCerts(iGmCerts *d, iRangecc domain, uint16_t port, const iTls
457 return iFalse; 457 return iFalse;
458 } 458 }
459 /* We trust CA verification implicitly. */ 459 /* We trust CA verification implicitly. */
460 const iBool isCATrusted = (verify_TlsCertificate(cert) == authority_TlsCertificateVerifyStatus); 460 const iBool isCATrusted = (verify_TlsCertificate(cert) == authority_TlsCertificateVerifyStatus);
461 if (!verifyDomain_GmCerts(cert, domain)) { 461 const iBool isDomainValid = verifyDomain_GmCerts(cert, domain);
462 return iFalse;
463 }
464 /* TODO: Could call setTrusted_GmCerts() instead of duplicating the trust-setting. */ 462 /* TODO: Could call setTrusted_GmCerts() instead of duplicating the trust-setting. */
465 /* Good certificate. If not already trusted, add it now. */ 463 /* Good certificate. If not already trusted, add it now. */
466 iDate until; 464 iDate until;
@@ -470,7 +468,7 @@ iBool checkTrust_GmCerts(iGmCerts *d, iRangecc domain, uint16_t port, const iTls
470 init_String(&key); 468 init_String(&key);
471 makeTrustKey_(domain, port, &key); 469 makeTrustKey_(domain, port, &key);
472 lock_Mutex(d->mtx); 470 lock_Mutex(d->mtx);
473 iBool ok = !isExpired_TlsCertificate(cert); 471 iBool ok = isDomainValid && !isExpired_TlsCertificate(cert);
474 iTrustEntry *trust = value_StringHash(d->trusted, &key); 472 iTrustEntry *trust = value_StringHash(d->trusted, &key);
475 if (trust) { 473 if (trust) {
476 /* We already have it, check if it matches the one we trust for this domain (if it's 474 /* We already have it, check if it matches the one we trust for this domain (if it's