Remove increment inside loop when validating intermediate CA (#4780)

russcam · web-flow · commit 185d18536765 · 2020-06-17T15:56:56.000+10:00
This commit fixes a bug when validating an intermediate CA to remove the increment inside of the loop, since it is incremented outside the loop already. Don't check the certificate thumbprint against the CA thumbprint if it's already been found. Fixes #4717
diff --git a/src/Elasticsearch.Net/Connection/CertificateValidations.cs b/src/Elasticsearch.Net/Connection/CertificateValidations.cs
@@ -119,12 +119,10 @@ X509RevocationMode revocationMode
 			{
 				var c = chain.ChainElements[i].Certificate.Thumbprint;
 				var cPrivate = privateChain.ChainElements[i].Certificate.Thumbprint;
-				if (c == ca.Thumbprint) found = true;
+				if (!found && c == ca.Thumbprint) found = true;
 
 				//mis aligned certificate chain, return false so we do not accept this certificate
 				if (c != cPrivate) return false;
-
-				i++;
 			}
 			return found;
 		}

Original file line number	Diff line number	Diff line change
`@@ -119,12 +119,10 @@ X509RevocationMode revocationMode`
`119`	`119`	`{`
`120`	`120`	`var c = chain.ChainElements[i].Certificate.Thumbprint;`
`121`	`121`	`var cPrivate = privateChain.ChainElements[i].Certificate.Thumbprint;`
`122`		`- if (c == ca.Thumbprint) found = true;`
	`122`	`+ if (!found && c == ca.Thumbprint) found = true;`
`123`	`123`
`124`	`124`	`//mis aligned certificate chain, return false so we do not accept this certificate`
`125`	`125`	`if (c != cPrivate) return false;`
`126`		`-`
`127`		`- i++;`
`128`	`126`	`}`
`129`	`127`	`return found;`
`130`	`128`	`}`