diff options
| author | Daiki Ueno <ueno@gnu.org> | 2020-08-12 07:29:30 +0200 |
|---|---|---|
| committer | Daiki Ueno <ueno@gnu.org> | 2020-09-03 09:57:13 +0200 |
| commit | 03a999261937c9d389ad96759ff56efbbb1eb605 (patch) | |
| tree | ba3ae31b26a8b8632aa034f7a220ced3ffbb1ce8 | |
| parent | 57e6f805f5dbbf4414c72733604d38772c9dcccf (diff) | |
| download | gnutls-03a999261937c9d389ad96759ff56efbbb1eb605.tar.gz | |
serv, cli: ensure that invalid flag is always set
According to the documentation, the GNUTLS_CERT_INVALID flag must
always be set in case of verification failure, together with the flag
indicating the actual error cause.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
| -rw-r--r-- | src/common.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/common.c b/src/common.c index 753481741b..2dc54d09bf 100644 --- a/src/common.c +++ b/src/common.c @@ -282,8 +282,11 @@ int cert_verify(gnutls_session_t session, const char *hostname, const char *purp gnutls_free(out.data); - if (status) + if (status) { + if (!(status & GNUTLS_CERT_INVALID)) + abort(); return 0; + } return 1; } |