gnutls_x509_trust_list_remove_cas() and derivatives will utilize a black list.
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Mon, 16 Dec 2013 11:56:02 +0000 (12:56 +0100)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Mon, 16 Dec 2013 12:01:51 +0000 (13:01 +0100)
commit8aa1da17e0b3664412e74a928f52236e646634c7
tree64d609fae1706aa5b8856ee93f0d8e5197223f09
parent338af5e51491ca94dbf04c2d77d3af6c3c05d369
gnutls_x509_trust_list_remove_cas() and derivatives will utilize a black list.

When a CA or certificate is removed from the trusted list, it is also
added in a blacklist to ensure that it will not be accepted due to
interdependency (e.g., it is a subordinate CA), or because it is not a CA.
lib/x509/verify-high.c
lib/x509/verify-high2.c