Reverted default behavior for verification and introduced GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT.

Thus by default V1 trusted CAs are allowed, unless the new flag is specified.
author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2010-11-26 12:46:16 +0100
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2010-11-26 12:56:25 +0100
commit: 60ee8a0eb9975d123002b1cffbefd60a8cd5fae6 (patch)
tree: a1832f7588be5ceffa4fbb8a2ffac85687f1327e /src/cli.c
parent: 97a0e28fd8821dd5ab5a392a761736d0f4f95804 (diff)
download: gnutls-60ee8a0eb9975d123002b1cffbefd60a8cd5fae6.tar.gz
1 files changed, 1 insertions, 2 deletions
diff --git a/src/cli.c b/src/cli.c
index bd1d71299d..8aea0695d5 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -599,8 +599,7 @@ init_tls_session (const char *hostname)
 
   gnutls_certificate_set_retrieve_function (xcred, cert_callback);
   gnutls_certificate_set_verify_function (xcred, cert_verify_callback);
-  gnutls_certificate_set_verify_flags (xcred,
-				       GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
+  gnutls_certificate_set_verify_flags (xcred, 0);
 
   /* send the fingerprint */
 #ifdef ENABLE_OPENPGP
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2010-11-26 12:46:16 +0100
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2010-11-26 12:56:25 +0100
commit	60ee8a0eb9975d123002b1cffbefd60a8cd5fae6 (patch)
tree	a1832f7588be5ceffa4fbb8a2ffac85687f1327e /src/cli.c
parent	97a0e28fd8821dd5ab5a392a761736d0f4f95804 (diff)
download	gnutls-60ee8a0eb9975d123002b1cffbefd60a8cd5fae6.tar.gz