Changeset 200e151 for lib/ssl_nss.c


Ignore:
Timestamp:
2011-12-23T22:40:17Z (8 years ago)
Author:
Wilmer van der Gaast <wilmer@…>
Branches:
master
Children:
5513f3e
Parents:
792a93b
Message:

tls_verify correction: Don't fail cert verification in non-GnuTLS modules
unless "cafile" setting is enabled.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • lib/ssl_nss.c

    r792a93b r200e151  
    140140        conn->func = func;
    141141        conn->data = data;
    142         conn->verify = verify;
     142        conn->verify = verify && global.conf->cafile;
    143143
    144144        /* This function should be called via a (short) timeout instead of
     
    160160        struct scd *conn = data;
    161161       
    162         /* Right now we don't have any verification functionality for nss so we
    163            fail in case verification has been requested by the user. */
     162        /* Right now we don't have any verification functionality for NSS. */
    164163
    165164        if( conn->verify )
    166165        {
    167                 conn->func( conn->data, NSS_VERIFY_ERROR, NULL, cond );
     166                conn->func( conn->data, 1, NULL, cond );
    168167                if( source >= 0 ) closesocket( source );
    169168                g_free( conn );
Note: See TracChangeset for help on using the changeset viewer.