| author | Daniel Stenberg <daniel@haxx.se> | 2005-08-24 07:40:13 +0000 | 
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2005-08-24 07:40:13 +0000 | 
| commit | 432dfe2b8ff14dad451ec25f0bee09d454893324 (patch) | |
| tree | 2f918c8f0c965670df612c28b85721802505e717 /lib | |
| parent | a142372750384d74a5ec4d013458a9c757ca15f6 (diff) | |
Fixed CA cert verification using GnuTLS with the default bundle, which
previously failed due to GnuTLS not allowing x509 v1 CA certs by default.
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/gtls.c | 9 | 
1 files changed, 7 insertions, 2 deletions
|
diff --git a/lib/gtls.c b/lib/gtls.c
index 7ca8a0f42..dbe3d1f77 100644
--- a/lib/gtls.c
+++ b/lib/gtls.c
@@ -151,13 +151,18 @@ Curl_gtls_connect(struct connectdata *conn,
   if(data->set.ssl.CAfile) {
     /* set the trusted CA cert bundle file */
+    gnutls_certificate_set_verify_flags(conn->ssl[sockindex].cred,
+                                        GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
+
     rc = gnutls_certificate_set_x509_trust_file(conn->ssl[sockindex].cred,
                                                 data->set.ssl.CAfile,
                                                 GNUTLS_X509_FMT_PEM);
-    if(rc < 0) {
+    if(rc < 0)
       infof(data, "error reading ca cert file %s (%s)\n",
             data->set.ssl.CAfile, gnutls_strerror(rc));
-    }
+    else
+      infof(data, "found %d certificates in %s\n",
+            rc, data->set.ssl.CAfile);
   }
   /* Initialize TLS session as a client */ |
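Review bot: A failure to load the CA bundle is still only logged: the `if(rc < 0)` branch calls `infof` and falls through to session setup, so the connection goes on with no trust anchors loaded from the file. If `rc` can be 0, the new `else` branch also reports `found 0 certificates` as if it were success. Whether the later verification step then rejects the peer is outside this hunk, so I would return an error at this point whenever peer verification is requested and `rc <= 0`, rather than rely on code further down. The verify-flags call also deserves a comment such as `/* v1 CA certs carry no basicConstraints; accept them only when they come from the trusted bundle */`, because the flag widens what GnuTLS accepts as a CA and the reason is currently only in the commit message. Curl_gtls_connect starts and ends outside the hunk.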
