diff options
| author | Jeremy Harris <jgh146exb@wizmail.org> | 2019-05-19 12:12:36 +0100 |
|---|---|---|
| committer | Jeremy Harris <jgh146exb@wizmail.org> | 2019-05-19 12:12:36 +0100 |
| commit | 12d95aa62042377fc9f603245a17a43142972447 (patch) | |
| tree | b60ee2fcc221d7086317e6cca134951e90dbb40b /src | |
| parent | 27607d0311c4b32440c6a3396e4a022640dd930e (diff) | |
GnuTLS: fix the advertising of acceptable certs by the server. Bug 2389
Diffstat (limited to 'src')
| -rw-r--r-- | src/src/tls-gnu.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c index dc8cdab5c..423c3a23d 100644 --- a/src/src/tls-gnu.c +++ b/src/src/tls-gnu.c @@ -1143,6 +1143,14 @@ else #endif gnutls_certificate_set_x509_trust_file(state->x509_cred, CS state->exp_tls_verify_certificates, GNUTLS_X509_FMT_PEM); + +#ifdef SUPPORT_CA_DIR + /* Mimic the behaviour with OpenSSL of not advertising a usable-cert list + when using the directory-of-certs config model. */ + + if ((statbuf.st_mode & S_IFMT) == S_IFDIR) + gnutls_certificate_send_x509_rdn_sequence(state->session, 1); +#endif } if (cert_count < 0) |