net-libs/gnutls/files/gnutls-2.12.23-CVE-2014-1959.patch - mirrors/cros/chromiumos/overlays/portage-stable - Git at Google

 --- a/lib/x509/verify.c
 +++ b/lib/x509/verify.c
 @@ -692,8 +693,10 @@
        /* note that here we disable this V1 CA flag. So that no version 1
         * certificates can exist in a supplied chain.
         */
 -      if (!(flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT))
 +      if (!(flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT)) {
          flags &= ~(GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
 +        flags |= GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT;
 +      }
        if ((ret =
             _gnutls_verify_certificate2(certificate_list[i - 1],
                 &certificate_list[i], 1,
	--- a/lib/x509/verify.c
	+++ b/lib/x509/verify.c
	@@ -692,8 +693,10 @@
	/* note that here we disable this V1 CA flag. So that no version 1
	* certificates can exist in a supplied chain.
	*/
	- if (!(flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT))
	+ if (!(flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT)) {
	flags &= ~(GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
	+ flags \|= GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT;
	+ }
	if ((ret =
	_gnutls_verify_certificate2(certificate_list[i - 1],
	&certificate_list[i], 1,