Changeset 59c03bd for lib/ssl_gnutls.c

Timestamp:

2012-01-03T23:53:28Z (12 years ago)

Author:

Wilmer van der Gaast <wilmer@…>

Branches:

master

Children:

7615726

Parents:

6451d27

Message:

A few more SSL fixes merged from AopicieR. This also fixes OpenSSL compile
issues (bug #881).

File:

• lib/ssl_gnutls.c (modified) (2 diffs)

lib/ssl_gnutls.c

@@ -79 +79 @@
         {
                 gnutls_certificate_set_x509_trust_file( xcred, global.conf->cafile, GNUTLS_X509_FMT_PEM );
-                /* TODO: Do we want/need this? */
+                
+                /* Not needed in GnuTLS 2.11+ but we support older versions for now. */
                 gnutls_certificate_set_verify_flags( xcred, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT );
         }
@@ -191 +192 @@
 #endif
 
-        /* The following check is already performed inside 
-         * gnutls_certificate_verify_peers2, so we don't need it.
-
-         * if( gnutls_certificate_type_get( session ) != GNUTLS_CRT_X509 )
-         * return GNUTLS_E_CERTIFICATE_ERROR;
-         */
-
-        if( gnutls_x509_crt_init( &cert ) < 0 )
+        if( gnutls_certificate_type_get( session ) != GNUTLS_CRT_X509 || gnutls_x509_crt_init( &cert ) < 0 )
                 return VERIFY_CERT_ERROR;