authorPhil Pennock <pdp@exim.org>2011-09-24 03:09:44 -0400
committerPhil Pennock <pdp@exim.org>2011-09-24 03:09:44 -0400
commit89f897c3fdb4c1342b3e9b9f6cb33cd0f869e2aa (patch)
tree154c958426d29baa2e74c6aca04e19bfac21f72e /src
parentc566dd90401a8b20b873644e3cdab175f1e86ede (diff)
Pull Andreas Metzler's fix for gnutls_certificate_verify_peers (bug 1095)
Diffstat (limited to 'src')
-rw-r--r--src/src/tls-gnu.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index 4de9d4f68..6b80637e9 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -235,10 +235,10 @@ Returns: TRUE/FALSE
static BOOL
verify_certificate(gnutls_session session, const char **error)
{
-int verify;
+int rc;
uschar *dn_string = US"";
const gnutls_datum *cert;
-unsigned int cert_size = 0;
+unsigned int verify, cert_size = 0;
*error = NULL;
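Review bot: `rc` is declared here without an initializer and is assigned only inside the `if (cert != NULL)` branch of the second hunk, yet the third hunk tests `rc < 0` on every path. The body of the `else` branch lies outside the hunks, so unless it also sets `rc`, the no-certificate path reads an indeterminate value in the check that decides whether the peer counts as verified. Fail-closed initializers would remove that dependence: `int rc = -1;` and `unsigned int verify = GNUTLS_CERT_INVALID, cert_size = 0;`, assuming a missing certificate is meant to take the failure branch. The `verify` initializer also covers the case where gnutls_certificate_verify_peers2() returns an error and has presumably not written `verify`, which the third hunk still reads when choosing the error text.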
@@ -262,7 +262,7 @@ if (cert != NULL)
dn_string = string_copy_malloc(buff);
}
- verify = gnutls_certificate_verify_peers(session);
+ rc = gnutls_certificate_verify_peers2(session, &verify);
}
else
{
@@ -274,7 +274,7 @@ else
/* Handle the result of verification. INVALID seems to be set as well
as REVOKED, but leave the test for both. */
-if ((verify & (GNUTLS_CERT_INVALID|GNUTLS_CERT_REVOKED)) != 0)
+if ((rc < 0) || (verify & (GNUTLS_CERT_INVALID|GNUTLS_CERT_REVOKED)) != 0)
{
tls_certificate_verified = FALSE;
if (*error == NULL) *error = ((verify & GNUTLS_CERT_REVOKED) != 0)?
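Review bot: When `rc < 0` the verification call itself failed, but the reason selected by the ternary on the last line of this hunk is still derived from `verify`, so the reported reason would describe a certificate verdict that was never produced. Setting the text right after the call in the second hunk, e.g. `if (rc < 0) *error = gnutls_strerror(rc);`, would let the existing `*error == NULL` guard leave it in place. An operator could then tell a library failure apart from a rejected certificate. The ternary continues outside the hunk, so its remaining arms are not visible here.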