Commit 195cac7d authored by Tom Carroll's avatar Tom Carroll

Use separate counters for inner and outer loop.

The inner and outer loop share a counter. The inner loop resets the
counter to zero when entering the loop. I don't believe this is the
intention from an examination of the code. Have inner and outer loops
use separate counters.
Signed-off-by: default avatarTom Carroll <incentivedesign@gmail.com>
parent 4a1fda35
......@@ -1492,7 +1492,7 @@ static int load_certificate(struct openconnect_info *vpninfo)
match. So sign some dummy data and then check the signature against each
of the available certificates until we find the right one. */
if (pkey) {
unsigned i;
unsigned i, j;
gnutls_digest_algorithm_t dig;
/* The TPM code may have already signed it, to test authorisation. We
......@@ -1528,11 +1528,11 @@ static int load_certificate(struct openconnect_info *vpninfo)
}
/* If extra_certs[] is NULL, we have one candidate in 'cert' to check. */
for (i = 0; i < (extra_certs ? nr_extra_certs : 1); i++) {
for (j = 0; j < (extra_certs ? nr_extra_certs : 1); j++) {
gnutls_pubkey_t pubkey;
gnutls_pubkey_init(&pubkey);
err = gnutls_pubkey_import_x509(pubkey, extra_certs ? extra_certs[i] : cert, 0);
err = gnutls_pubkey_import_x509(pubkey, extra_certs ? extra_certs[j] : cert, 0);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Error validating signature against certificate: %s\n"),
......@@ -1546,8 +1546,8 @@ static int load_certificate(struct openconnect_info *vpninfo)
if (err >= 0) {
if (extra_certs) {
cert = extra_certs[i];
extra_certs[i] = NULL;
cert = extra_certs[j];
extra_certs[j] = NULL;
}
gnutls_free(pkey_sig.data);
pkey_sig.data = NULL;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment