summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorJeremy Harris <jgh146exb@wizmail.org>2014-04-21 16:34:01 +0100
committerJeremy Harris <jgh146exb@wizmail.org>2014-04-21 16:42:45 +0100
commit0a92f87f7d62bb4f83fef5b8b10513cdd923fc2e (patch)
tree6268e1da1a256f4ddddc5f70231e4ab8c37f9ea1 /src
parent93d4b03a2d9da8858f33c445b57128ef890f77fe (diff)
Fix testcase "server missing/empty certificate file"
GnuTLS early versions (pre 3.0.0 ?) fail to send a reasonable client-cert request when tls_verify_certificates is an empty file. Since the test is for missing *server* certs (tls_certificate) avoid this by pointing to a real (if non-verifying) cert in tls_verify_certificates.
Diffstat (limited to 'src')
-rw-r--r--src/src/tls-gnu.c14
1 files changed, 6 insertions, 8 deletions
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index 7c3625216..cbd44d6f2 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -1228,25 +1228,23 @@ unsigned int verify;
*error = NULL;
-rc = peer_status(state);
-if (rc != OK)
+if ((rc = peer_status(state)) != OK)
{
verify = GNUTLS_CERT_INVALID;
- *error = "not supplied";
+ *error = "certificate not supplied";
}
else
- {
rc = gnutls_certificate_verify_peers2(state->session, &verify);
- }
/* Handle the result of verification. INVALID seems to be set as well
as REVOKED, but leave the test for both. */
-if ((rc < 0) || (verify & (GNUTLS_CERT_INVALID|GNUTLS_CERT_REVOKED)) != 0)
+if (rc < 0 || verify & (GNUTLS_CERT_INVALID|GNUTLS_CERT_REVOKED))
{
state->peer_cert_verified = FALSE;
- if (*error == NULL)
- *error = ((verify & GNUTLS_CERT_REVOKED) != 0) ? "revoked" : "invalid";
+ if (!*error)
+ *error = verify & GNUTLS_CERT_REVOKED
+ ? "certificate revoked" : "certificate invalid";
DEBUG(D_tls)
debug_printf("TLS certificate verification failed (%s): peerdn=%s\n",
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-29 20:29:22 +0000