Use separate counters for inner and outer loop.

The inner and outer loop share a counter. The inner loop resets the
counter to zero when entering the loop. I don't believe this is the
intention from an examination of the code. Have inner and outer loops
use separate counters.

Signed-off-by: Tom Carroll <incentivedesign@gmail.com>

diff --git a/gnutls.c b/gnutls.c
index ffcf1ca7adad0425d497f06c0e7a4812ee7d7066..db1e4470a32d52d8730ea7653b161b844ebbd20a 100644 (file)
--- a/gnutls.c
+++ b/gnutls.c
@@ -1492,7 +1492,7 @@ static int load_certificate(struct openconnect_info *vpninfo)
           match. So sign some dummy data and then check the signature against each
           of the available certificates until we find the right one. */
        if (pkey) {
-               unsigned i;
+               unsigned i, j;
                gnutls_digest_algorithm_t dig;
 
                /* The TPM code may have already signed it, to test authorisation. We
@@ -1528,11 +1528,11 @@ static int load_certificate(struct openconnect_info *vpninfo)
                        }
 
                        /* If extra_certs[] is NULL, we have one candidate in 'cert' to check. */
-                       for (i = 0; i < (extra_certs ? nr_extra_certs : 1); i++) {
+                       for (j = 0; j < (extra_certs ? nr_extra_certs : 1); j++) {
                                gnutls_pubkey_t pubkey;
 
                                gnutls_pubkey_init(&pubkey);
-                               err = gnutls_pubkey_import_x509(pubkey, extra_certs ? extra_certs[i] : cert, 0);
+                               err = gnutls_pubkey_import_x509(pubkey, extra_certs ? extra_certs[j] : cert, 0);
                                if (err) {
                                        vpn_progress(vpninfo, PRG_ERR,
                                                     _("Error validating signature against certificate: %s\n"),
@@ -1546,8 +1546,8 @@ static int load_certificate(struct openconnect_info *vpninfo)
 
                                if (err >= 0) {
                                        if (extra_certs) {
-                                               cert = extra_certs[i];
-                                               extra_certs[i] = NULL;
+                                               cert = extra_certs[j];
+                                               extra_certs[j] = NULL;
                                        }
                                        gnutls_free(pkey_sig.data);
                                        pkey_sig.data = NULL;