author | Simon Josefsson <simon@josefsson.org> | 2009-02-11 17:01:50 +0100 |
---|---|---|
committer | Simon Josefsson <simon@josefsson.org> | 2009-02-11 17:01:50 +0100 |
commit | 29c3b3e7acb542bd488ceb21b1c2e427d6af9a01 (patch) | |
tree | 30f61ac10edc82876e88cfc0e766c17f732c522a | |
parent | dea1a108b9bb09114a4d89bbc9961616b9b7cb39 (diff) | |
download | gnutls-29c3b3e7acb542bd488ceb21b1c2e427d6af9a01.tar.gz |
gnutls-cli: Don't permit V1 CAs by default.
-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | src/cli.c | 5 |
2 files changed, 2 insertions, 5 deletions
@@ -9,6 +9,8 @@ See the end for copying conditions. The tool now uses libgnutls' functions to print certificate information. This avoids code duplication. +** gnutls-cli: No longer accepts V1 CAs by default. + ** libgnutls: gnutls_x509_crt_print prints signature algorithm in oneline mode. ** libgnutls: gnutls_openpgp_crt_print supports oneline mode. @@ -1075,11 +1075,6 @@ init_global_tls_stuff (void) exit (1); } - /* there are some CAs that have a v1 certificate *%&@#*%& - */ - gnutls_certificate_set_verify_flags (xcred, - GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT); - if (x509_cafile != NULL) { ret = |