serv, cli: ensure that invalid flag is always settmp-cert-invalid

According to the documentation, the GNUTLS_CERT_INVALID flag must always be set in case of verification failure, together with the flag indicating the actual error cause. Signed-off-by: Daiki Ueno <ueno@gnu.org>
author: Daiki Ueno <ueno@gnu.org> 2020-08-12 07:29:30 +0200
committer: Daiki Ueno <ueno@gnu.org> 2020-08-12 07:31:56 +0200
commit: 388365cdbb6c8870607120782eb77d29bea97357 (patch)
tree: 3f6145ab0c0458cc5a6e489b3ae2211134d0f7b2
parent: 8fccb481601eea346f3598a969371b90baeb08e1 (diff)
download: gnutls-tmp-cert-invalid.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/src/common.c b/src/common.c
index 753481741b..2dc54d09bf 100644
--- a/src/common.c
+++ b/src/common.c
@@ -282,8 +282,11 @@ int cert_verify(gnutls_session_t session, const char *hostname, const char *purp
 
 	gnutls_free(out.data);
 
-	if (status)
+	if (status) {
+		if (!(status & GNUTLS_CERT_INVALID))
+			abort();
 		return 0;
+	}
 
 	return 1;
 }
author	Daiki Ueno <ueno@gnu.org>	2020-08-12 07:29:30 +0200
committer	Daiki Ueno <ueno@gnu.org>	2020-08-12 07:31:56 +0200
commit	388365cdbb6c8870607120782eb77d29bea97357 (patch)
tree	3f6145ab0c0458cc5a6e489b3ae2211134d0f7b2
parent	8fccb481601eea346f3598a969371b90baeb08e1 (diff)
download	gnutls-tmp-cert-invalid.tar.gz