mirror of
https://github.com/moparisthebest/curl
synced 2024-12-22 08:08:50 -05:00
Fixed CA cert verification using GnuTLS with the default bundle, which
previously failed due to GnuTLS not allowing x509 v1 CA certs by default.
This commit is contained in:
parent
a142372750
commit
432dfe2b8f
4
CHANGES
4
CHANGES
@ -7,6 +7,10 @@
|
||||
Changelog
|
||||
|
||||
|
||||
Daniel (24 August 2005)
|
||||
- Fixed CA cert verification using GnuTLS with the default bundle, which
|
||||
previously failed due to GnuTLS not allowing x509 v1 CA certs by default.
|
||||
|
||||
Daniel (19 August 2005)
|
||||
- Norbert Novotny had problems with FTPS and he helped me work out a patch
|
||||
that made curl run fine in his end. The key was to make sure we do the
|
||||
|
@ -19,6 +19,7 @@ This release includes the following changes:
|
||||
|
||||
This release includes the following bugfixes:
|
||||
|
||||
o CA cert verification with GnuTLS builds
|
||||
o handles expiry times in cookie files that go beyond 32 bits in size
|
||||
o several client problems with files, such as doing -d @file when the file
|
||||
isn't readable now gets a warning displayed
|
||||
|
@ -151,13 +151,18 @@ Curl_gtls_connect(struct connectdata *conn,
|
||||
|
||||
if(data->set.ssl.CAfile) {
|
||||
/* set the trusted CA cert bundle file */
|
||||
gnutls_certificate_set_verify_flags(conn->ssl[sockindex].cred,
|
||||
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
|
||||
|
||||
rc = gnutls_certificate_set_x509_trust_file(conn->ssl[sockindex].cred,
|
||||
data->set.ssl.CAfile,
|
||||
GNUTLS_X509_FMT_PEM);
|
||||
if(rc < 0) {
|
||||
if(rc < 0)
|
||||
infof(data, "error reading ca cert file %s (%s)\n",
|
||||
data->set.ssl.CAfile, gnutls_strerror(rc));
|
||||
}
|
||||
else
|
||||
infof(data, "found %d certificates in %s\n",
|
||||
rc, data->set.ssl.CAfile);
|
||||
}
|
||||
|
||||
/* Initialize TLS session as a client */
|
||||
|
Loading…
Reference in New Issue
Block a user