author | William Ehlhardt <williamehlhardt@gmail.com> | 2007-08-13 22:49:45 +0000 |
---|---|---|
committer | William Ehlhardt <williamehlhardt@gmail.com> | 2007-08-13 22:49:45 +0000 |
commit | 929758f33ec82a59cdc40c66cecd6856e461737f (patch) | |
tree | 08aa08f19415b2cc844ea9501ab6520d658bd139 | |
parent | fd7634e6ec93ab9ddac6f6b038d0a477290b585e (diff) | |
download | pidgin-929758f33ec82a59cdc40c66cecd6856e461737f.tar.gz |
- x509_signed_by now accepts a signature by an X.509 version 1
certificate. Verisign (the signer of all MSN's certificates) and
possibly others have root certificates that predate the current
standards, and we can't reasonably reject Verisign certs.
-rw-r--r-- | libpurple/plugins/ssl/ssl-gnutls.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/libpurple/plugins/ssl/ssl-gnutls.c b/libpurple/plugins/ssl/ssl-gnutls.c
index 32be133d0f..8e391679f6 100644
--- a/libpurple/plugins/ssl/ssl-gnutls.c
+++ b/libpurple/plugins/ssl/ssl-gnutls.c
@@ -697,7 +697,13 @@ x509_certificate_signed_by(PurpleCertificate * crt,
 /* Now, check the signature */
 /* The second argument is a ptr to an array of "trusted" issuer certs, but we're only using one trusted one */
- ret = gnutls_x509_crt_verify(crt_dat, &issuer_dat, 1, 0, &verify);
+ ret = gnutls_x509_crt_verify(crt_dat, &issuer_dat, 1,
+ /* Permit signings by X.509v1 certs
+ (Verisign and possibly others have
+ root certificates that predate the
+ current standard) */
+ GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT,
+ &verify);
 if (ret != 0) {
 purple_debug_error("gnutls/x509", |
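Review bot: `GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT` is now passed on every call to `gnutls_x509_crt_verify`, so any certificate handed in as `issuer` is accepted as a signer even when it is version 1, and this function presents that single issuer as the whole trusted list. A v1 certificate has no extensions and therefore cannot carry basicConstraints, so the flag is only safe when the issuer really comes from the local CA store. If callers (not visible in this hunk) can pass an issuer taken from a peer-supplied chain, the flag should be limited to issuers from the trusted pool; at minimum extend the new comment with `Callers must only pass an issuer from the local CA store: a v1 cert has no basicConstraints to mark it as a CA`. The body of x509_certificate_signed_by starts before and continues after this hunk, so whether `verify` is also inspected when `ret == 0` cannot be confirmed here.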