Ensure proxy-ca.pem contains only one CA.
authorSimon Ruderich <simon@ruderich.org>
Fri, 9 Aug 2013 15:44:24 +0000 (17:44 +0200)
committerSimon Ruderich <simon@ruderich.org>
Fri, 9 Aug 2013 16:32:07 +0000 (18:32 +0200)
src/connection.c

index d69c2faf6c30874bb8f093ffeed0e260b2f7685a..2b0f5d55c8ec3ea30cf499c2adaedde60d0a9169 100644 (file)
@@ -406,6 +406,11 @@ static int initialize_tls_session_client(int peer_socket,
                 PROXY_CA_PATH);
             gnutls_certificate_free_credentials(*x509_cred);
             return -1;
+        } else if (result != 1) {
+            /* Must contain only one CA, our proxy CA. */
+            LOG(ERROR, "initialize_tls_session_client(): multiple CAs found");
+            gnutls_certificate_free_credentials(*x509_cred);
+            return -1;
         }
     }
     /* If the invalid hostname was specified do nothing, we use a self-signed
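Review bot: The new `else if (result != 1)` branch logs "multiple CAs found" without naming the file or the count, so a misconfigured trust anchor is harder to diagnose here than in the branch above, whose message appears to take `PROXY_CA_PATH` as an argument. I would log both values, e.g. `LOG(ERROR, "initialize_tls_session_client(): '%s' must contain exactly one CA, found %d", PROXY_CA_PATH, result);`. The wording "multiple" is only accurate if the preceding condition, which starts outside this hunk, already catches `result == 0`; that is worth confirming. The check also only counts the certificates loaded, so the comment's "our proxy CA" is not enforced at this point; presumably the file's ownership and permissions are what guarantee it, and the comment could say so.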