Changeset 59c03bd for lib/ssl_gnutls.c


Ignore:
Timestamp:
2012-01-03T23:53:28Z (9 years ago)
Author:
Wilmer van der Gaast <wilmer@…>
Branches:
master
Children:
7615726
Parents:
6451d27
Message:

A few more SSL fixes merged from AopicieR. This also fixes OpenSSL compile
issues (bug #881).

File:
1 edited

Legend:

Unmodified
Added
Removed
  • lib/ssl_gnutls.c

    r6451d27 r59c03bd  
    7979        {
    8080                gnutls_certificate_set_x509_trust_file( xcred, global.conf->cafile, GNUTLS_X509_FMT_PEM );
    81                 /* TODO: Do we want/need this? */
     81               
     82                /* Not needed in GnuTLS 2.11+ but we support older versions for now. */
    8283                gnutls_certificate_set_verify_flags( xcred, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT );
    8384        }
     
    191192#endif
    192193
    193         /* The following check is already performed inside
    194          * gnutls_certificate_verify_peers2, so we don't need it.
    195 
    196          * if( gnutls_certificate_type_get( session ) != GNUTLS_CRT_X509 )
    197          * return GNUTLS_E_CERTIFICATE_ERROR;
    198          */
    199 
    200         if( gnutls_x509_crt_init( &cert ) < 0 )
     194        if( gnutls_certificate_type_get( session ) != GNUTLS_CRT_X509 || gnutls_x509_crt_init( &cert ) < 0 )
    201195                return VERIFY_CERT_ERROR;
    202196
Note: See TracChangeset for help on using the changeset viewer.