author | Daniel Stenberg <daniel@haxx.se> | 2005-08-24 07:40:13 +0000 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2005-08-24 07:40:13 +0000 |
commit | 432dfe2b8ff14dad451ec25f0bee09d454893324 (patch) | |
tree | 2f918c8f0c965670df612c28b85721802505e717 | |
parent | a142372750384d74a5ec4d013458a9c757ca15f6 (diff) |
Fixed CA cert verification using GnuTLS with the default bundle, which
previously failed due to GnuTLS not allowing x509 v1 CA certs by default.
-rw-r--r-- | CHANGES | 4 |
-rw-r--r-- | RELEASE-NOTES | 1 |
-rw-r--r-- | lib/gtls.c | 9 |
3 files changed, 12 insertions, 2 deletions
@@ -7,6 +7,10 @@ Changelog +Daniel (24 August 2005) +- Fixed CA cert verification using GnuTLS with the default bundle, which + previously failed due to GnuTLS not allowing x509 v1 CA certs by default. + Daniel (19 August 2005) - Norbert Novotny had problems with FTPS and he helped me work out a patch that made curl run fine in his end. The key was to make sure we do the diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 7ff1fbb58..213e561c0 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -19,6 +19,7 @@ This release includes the following changes: This release includes the following bugfixes: + o CA cert verification with GnuTLS builds o handles expiry times in cookie files that go beyond 32 bits in size o several client problems with files, such as doing -d @file when the file isn't readable now gets a warning displayed diff --git a/lib/gtls.c b/lib/gtls.c index 7ca8a0f42..dbe3d1f77 100644 --- a/lib/gtls.c +++ b/lib/gtls.c @@ -151,13 +151,18 @@ Curl_gtls_connect(struct connectdata *conn, if(data->set.ssl.CAfile) { /* set the trusted CA cert bundle file */ + gnutls_certificate_set_verify_flags(conn->ssl[sockindex].cred, + GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT); + rc = gnutls_certificate_set_x509_trust_file(conn->ssl[sockindex].cred, data->set.ssl.CAfile, GNUTLS_X509_FMT_PEM); - if(rc < 0) { + if(rc < 0) infof(data, "error reading ca cert file %s (%s)\n", data->set.ssl.CAfile, gnutls_strerror(rc)); - } + else + infof(data, "found %d certificates in %s\n", + rc, data->set.ssl.CAfile); } /* Initialize TLS session as a client */ |
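Review bot: In the lib/gtls.c hunk, the new gnutls_certificate_set_verify_flags() call has no comment saying why GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT is set, and the existing comment "set the trusted CA cert bundle file" now sits above it instead of above gnutls_certificate_set_x509_trust_file(). Add a comment at the flags call recording the reason from the commit message (the default bundle contains X.509 v1 CA certs, which GnuTLS does not allow by default), and move the original comment down to the trust-file call. The flag is applied whenever data->set.ssl.CAfile is set, not only for the default bundle, so the comment should also say that the relaxation covers any user-supplied CA file; v1 certificates carry no extensions, so they cannot be marked as a CA through basicConstraints. In the same hunk, the rc < 0 branch still only logs through infof() and then falls through to "Initialize TLS session as a client", so an unreadable CA file is not treated as a failure at this point; consider returning an error from that branch rather than continuing.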