author | Daiki Ueno <ueno@gnu.org> | 2020-08-12 07:29:30 +0200 |
---|---|---|
committer | Daiki Ueno <ueno@gnu.org> | 2020-09-03 09:57:13 +0200 |
commit | 03a999261937c9d389ad96759ff56efbbb1eb605 (patch) | |
tree | ba3ae31b26a8b8632aa034f7a220ced3ffbb1ce8 | |
parent | 57e6f805f5dbbf4414c72733604d38772c9dcccf (diff) | |
download | gnutls-03a999261937c9d389ad96759ff56efbbb1eb605.tar.gz |
serv, cli: ensure that invalid flag is always set
According to the documentation, the GNUTLS_CERT_INVALID flag must
always be set in case of verification failure, together with the flag
indicating the actual error cause.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
-rw-r--r-- | src/common.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/common.c b/src/common.c index 753481741b..2dc54d09bf 100644 --- a/src/common.c +++ b/src/common.c @@ -282,8 +282,11 @@ int cert_verify(gnutls_session_t session, const char *hostname, const char *purp gnutls_free(out.data); - if (status) + if (status) { + if (!(status & GNUTLS_CERT_INVALID)) + abort(); return 0; + } return 1; } |
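Review bot: The `abort()` added under `if (!(status & GNUTLS_CERT_INVALID))` in `cert_verify()` terminates the process without any diagnostic, so a user who hits it sees only a SIGABRT with no hint of which status bits were set. The enclosing `if (status)` branch already fails closed by returning 0 for any nonzero status, so the new check is purely a consistency assertion on the documented library contract. Print the unexpected `status` value to stderr before aborting, and add a one-line comment above the check saying it enforces the documented guarantee that GNUTLS_CERT_INVALID accompanies every failure flag. Because the subject line says this code is shared by both serv and cli, it is also worth confirming that aborting is acceptable on the server side, where the status comes from verifying a peer-supplied certificate; if not, report the inconsistency and let the existing `return 0` reject the peer.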