diff options
author | Daiki Ueno <ueno@gnu.org> | 2020-08-12 07:29:30 +0200 |
---|---|---|
committer | Daiki Ueno <ueno@gnu.org> | 2020-08-12 07:31:56 +0200 |
commit | 388365cdbb6c8870607120782eb77d29bea97357 (patch) | |
tree | 3f6145ab0c0458cc5a6e489b3ae2211134d0f7b2 | |
parent | 8fccb481601eea346f3598a969371b90baeb08e1 (diff) | |
download | gnutls-tmp-cert-invalid.tar.gz |
serv, cli: ensure that invalid flag is always settmp-cert-invalid
According to the documentation, the GNUTLS_CERT_INVALID flag must
always be set in case of verification failure, together with the flag
indicating the actual error cause.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
-rw-r--r-- | src/common.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/common.c b/src/common.c index 753481741b..2dc54d09bf 100644 --- a/src/common.c +++ b/src/common.c @@ -282,8 +282,11 @@ int cert_verify(gnutls_session_t session, const char *hostname, const char *purp gnutls_free(out.data); - if (status) + if (status) { + if (!(status & GNUTLS_CERT_INVALID)) + abort(); return 0; + } return 1; } |