Changeset 5513f3e for lib


Timestamp:
2011-12-24T14:52:35Z (12 years ago)
Author:
Wilmer van der Gaast <wilmer@…>
Branches:
master
Children:
96f954d
Parents:
200e151
Message:

Fix compatibility with old GnuTLS versions, but with a warning. See
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1417 for details.

File:
1 edited

  • lib/ssl_gnutls.c

    r200e151 r5513f3e  
    166166                verifyret |= VERIFY_CERT_INSECURE_ALGORITHM;
    167167
     168#ifdef GNUTLS_CERT_NOT_ACTIVATED
     169        /* Amusingly, the GnuTLS function used above didn't check for expiry
     170           until GnuTLS 2.8 or so. (See CVE-2009-1417) */
    168171        if( status & GNUTLS_CERT_NOT_ACTIVATED )
    169172                verifyret |= VERIFY_CERT_NOT_ACTIVATED;
     
    171174        if( status & GNUTLS_CERT_EXPIRED )
    172175                verifyret |= VERIFY_CERT_EXPIRED;
     176#endif
    173177
    174178        /* The following check is already performed inside
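
Review bot: The #ifdef GNUTLS_CERT_NOT_ACTIVATED / #endif pair at new lines 168-176 has no #else, so on a GnuTLS that lacks the symbol both the activation check and the expiry check are compiled out and verifyret can never carry VERIFY_CERT_NOT_ACTIVATED or VERIFY_CERT_EXPIRED; nothing in these lines produces the warning the commit message mentions. Add an #else branch that at least emits a #warning at build time, or better, compares the dates directly with gnutls_x509_crt_get_activation_time() and gnutls_x509_crt_get_expiration_time() so builds against old versions still flag expired certificates. Please also confirm that GNUTLS_CERT_NOT_ACTIVATED is a preprocessor macro in the supported headers: if it is only an enum constant, the #ifdef is false everywhere and the two checks disappear on new versions too, in which case the guard should test the library version instead. The comment's "GnuTLS 2.8 or so" would be more useful as the exact version.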