Skip to content

Commit

Permalink
Try to compare certs before replacement.
Browse files Browse the repository at this point in the history
@headius
headius committed Nov 2, 2017
1 parent affc285 commit 80f4b85
Showing 1 changed file with 8 additions and 4 deletions.
12 changes: 8 additions & 4 deletions src/main/java/org/jruby/ext/openssl/x509store/StoreContext.java
View file
Original file line number Diff line number Diff line change
@@ -674,10 +674,14 @@ public int verifyCertificate() throws Exception {
int ok = getBySubject(X509Utils.X509_LU_X509, new Name(principal), objTmp);
if (ok == X509Utils.X509_LU_X509) {
// replace old with new and clear rest of untrusted
iter.set(((Certificate) objTmp[0]).x509);
while (iter.hasNext()) {
iter.next();
iter.remove();
Certificate certificate = (Certificate) objTmp[0];
if (certificate.x509.equals(skCert)) {
iter.set(certificate.x509);
while (iter.hasNext()) {
iter.next();
iter.remove();
}
break;
}
}
}

0 comments on commit 80f4b85

Please sign in to comment.