Commit 432dfe2b authored by Daniel Stenberg

Fixed CA cert verification using GnuTLS with the default bundle, which previously failed due to GnuTLS not allowing x509 v1 CA certs by default.
parent a1423727
+4 −0
@@ -7,6 +7,10 @@
                                  Changelog


Daniel (24 August 2005)
- Fixed CA cert verification using GnuTLS with the default bundle, which
  previously failed due to GnuTLS not allowing x509 v1 CA certs by default.     

Daniel (19 August 2005)
- Norbert Novotny had problems with FTPS and he helped me work out a patch
  that made curl run fine in his end. The key was to make sure we do the
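Review bot: the new changelog entry's second line ("previously failed due to GnuTLS not allowing x509 v1 CA certs by default.") carries trailing whitespace; strip it so the CHANGES file stays consistent with the surrounding entries, which end at the period.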
+1 −0
@@ -19,6 +19,7 @@ This release includes the following changes:

This release includes the following bugfixes:

 o CA cert verification with GnuTLS builds
 o handles expiry times in cookie files that go beyond 32 bits in size
 o several client problems with files, such as doing -d @file when the file
   isn't readable now gets a warning displayed
+7 −2
@@ -151,13 +151,18 @@ Curl_gtls_connect(struct connectdata *conn,

  if(data->set.ssl.CAfile) {
    /* set the trusted CA cert bundle file */
    gnutls_certificate_set_verify_flags(conn->ssl[sockindex].cred,
                                        GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);

    rc = gnutls_certificate_set_x509_trust_file(conn->ssl[sockindex].cred,
                                                data->set.ssl.CAfile,
                                                GNUTLS_X509_FMT_PEM);
    if(rc < 0) {
    if(rc < 0)
      infof(data, "error reading ca cert file %s (%s)\n",
            data->set.ssl.CAfile, gnutls_strerror(rc));
    }
    else
      infof(data, "found %d certificates in %s\n",
            rc, data->set.ssl.CAfile);
  }

  /* Initialize TLS session as a client */
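Review bot: the gnutls_certificate_set_verify_flags(..., GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT) call at the top of the hunk deliberately relaxes GnuTLS's default, which (per the commit message) rejects X.509 v1 certificates as CAs; a v1 certificate cannot carry the basicConstraints extension, so its CA role rests solely on its presence in the bundle named by data->set.ssl.CAfile. That trade-off deserves a comment beside the call stating why the flag is needed (v1 roots in the default bundle) so a later cleanup does not drop it or, conversely, widen it without noticing the security impact. Separately, the rewritten `if(rc < 0) { ... }` branch still only reports the failure of gnutls_certificate_set_x509_trust_file through infof() and then proceeds to set up the session with no trusted CAs loaded; returning an error from Curl_gtls_connect at that point would surface the misconfigured CA file directly instead of as a later, less specific verification failure.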