mirror of
https://github.com/moparisthebest/curl
synced 2024-12-21 23:58:49 -05:00
Blah, revert my removal of the extra check since the problem is there for real.
Archived thread of the help-gnutls mailing list regarding this problem: http://lists.gnu.org/archive/html/help-gnutls/2005-04/msg00000.html (and I _am_ sorry for my confused behaviour on this problem.)
This commit is contained in:
parent
80fe93bc33
commit
f09e479fd6
14
lib/gtls.c
14
lib/gtls.c
@ -149,13 +149,25 @@ Curl_gtls_connect(struct connectdata *conn,
|
||||
return CURLE_SSL_CONNECT_ERROR;
|
||||
}
|
||||
|
||||
if(data->set.ssl.CAfile) {
|
||||
/* set the trusted CA cert bundle file */
|
||||
|
||||
/*
|
||||
* Unfortunately, if a file name is set here and this function fails for
|
||||
* whatever reason (missing file, bad file, etc), gnutls will no longer
|
||||
* handshake properly but it just loops forever. Therefore, we must return
|
||||
* error here if we get an error when setting the CA cert file name.
|
||||
*
|
||||
* (Question/report posted to the help-gnutls mailing list, April 8 2005)
|
||||
*/
|
||||
rc = gnutls_certificate_set_x509_trust_file(conn->ssl[sockindex].cred,
|
||||
data->set.ssl.CAfile,
|
||||
GNUTLS_X509_FMT_PEM);
|
||||
if(rc) {
|
||||
infof(data, "error reading the ca cert file %s",
|
||||
failf(data, "error reading the ca cert file %s",
|
||||
data->set.ssl.CAfile);
|
||||
return CURLE_SSL_CACERT;
|
||||
}
|
||||
}
|
||||
|
||||
/* Initialize TLS session as a client */
|
||||
|
Loading…
Reference in New Issue
Block a user