head	1.3;
access;
symbols
	RELEASE_7_1_0:1.2
	RELEASE_6_4_0:1.2;
locks; strict;
comment	@# @;


1.3
date	2009.01.06.17.55.54;	author novel;	state dead;
branches;
next	1.2;

1.2
date	2008.11.19.10.36.46;	author pav;	state Exp;
branches;
next	1.1;

1.1
date	2008.11.16.08.47.08;	author novel;	state Exp;
branches;
next	;


desc
@@


1.3
log
@- Update to 2.6.3
- Remove WITH_OPENCDK knob since it's not relevant anymore
- Add WITH_LZO knob

PR:		127330 (partially)
Submitted by:	Yarema <yds@@CoolRat.org>
@
text
@--- lib/x509/verify.c.orig	2008-09-16 00:04:19.000000000 +0400
+++ lib/x509/verify.c	2008-11-14 16:06:59.000000000 +0300
@@@@ -414,17 +425,6 @@@@
     }
 #endif
 
-  /* Check if the last certificate in the path is self signed.
-   * In that case ignore it (a certificate is trusted only if it
-   * leads to a trusted party by us, not the server's).
-   */
-  if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1],
-				    certificate_list[clist_size - 1]) > 0
-      && clist_size > 0)
-    {
-      clist_size--;
-    }
-
   /* Verify the certificate path (chain) 
    */
   for (i = clist_size - 1; i > 0; i--)
@


1.2
log
@- Fix the patch for CVE-2008-4989 not to cause segfaults on runtime anymore

PR:		ports/128868
Obtained from:	vendor
@
text
@@


1.1
log
@- Update to 2.4.2
- Fix CVE-2008-4989

PR:		128868
Submitted by:	Eygene Ryabinkin <rea-fbsd@@codelabs.ru>
@
text
@a2 18
@@@@ -376,6 +376,17 @@@@
   int i = 0, ret;
   unsigned int status = 0, output;
 
+  /* Check if the last certificate in the path is self signed.
+   * In that case ignore it (a certificate is trusted only if it
+   * leads to a trusted party by us, not the server's).
+   */
+  if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1],
+				    certificate_list[clist_size - 1]) > 0
+      && clist_size > 0)
+    {
+      clist_size--;
+    }
+
   /* Verify the last certificate in the certificate path
    * against the trusted CA certificate list.
    *
@

