From ee798d29bc4ef075937dcba58c1149f64636cb33 Mon Sep 17 00:00:00 2001
From: "kody.low" <kodylow7@gmail.com>
Date: Sun, 7 Jan 2024 16:59:46 -0800
Subject: [PATCH] feat: sorts tls certs

---
 src/lib.rs | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/src/lib.rs b/src/lib.rs
index 32a7637..932956d 100755
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -333,8 +333,15 @@ mod tls {
             _ocsp_response: &[u8],
             _now: SystemTime,
         ) -> Result<ServerCertVerified, TLSError> {
-            let mut certs = intermediates.iter().collect::<Vec<&Certificate>>();
-            certs.push(end_entity);
+            let mut certs = intermediates
+                .iter()
+                .map(|c| c.0.clone())
+                .collect::<Vec<Vec<u8>>>();
+            certs.push(end_entity.0.clone());
+            certs.sort();
+
+            let mut our_certs = self.certs.clone();
+            our_certs.sort();
 
             if self.certs.len() != certs.len() {
                 return Err(TLSError::General(format!(
@@ -343,8 +350,8 @@ mod tls {
                     certs.len()
                 )));
             }
-            for (c, p) in self.certs.iter().zip(certs.iter()) {
-                if *p.0 != **c {
+            for (c, p) in our_certs.iter().zip(certs.iter()) {
+                if *p != *c {
                     return Err(TLSError::General(
                         "Server certificates do not match ours".to_string(),
                     ));