diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-11-26 12:46:16 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-11-26 12:56:25 +0100 |
commit | 60ee8a0eb9975d123002b1cffbefd60a8cd5fae6 (patch) | |
tree | a1832f7588be5ceffa4fbb8a2ffac85687f1327e /src/cli.c | |
parent | 97a0e28fd8821dd5ab5a392a761736d0f4f95804 (diff) | |
download | gnutls-60ee8a0eb9975d123002b1cffbefd60a8cd5fae6.tar.gz |
Reverted default behavior for verification and introduced GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT.
Thus by default V1 trusted CAs are allowed, unless the new flag is specified.
Diffstat (limited to 'src/cli.c')
-rw-r--r-- | src/cli.c | 3 |
1 files changed, 1 insertions, 2 deletions
@@ -599,8 +599,7 @@ init_tls_session (const char *hostname) gnutls_certificate_set_retrieve_function (xcred, cert_callback); gnutls_certificate_set_verify_function (xcred, cert_verify_callback); - gnutls_certificate_set_verify_flags (xcred, - GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT); + gnutls_certificate_set_verify_flags (xcred, 0); /* send the fingerprint */ #ifdef ENABLE_OPENPGP |