Commit f09e479f authored by Daniel Stenberg's avatar Daniel Stenberg
Browse files

Blah, revert my removal of the extra check since the problem is there for real. 

Archived thread of the help-gnutls mailing list regarding this problem:

http://lists.gnu.org/archive/html/help-gnutls/2005-04/msg00000.html

(and I _am_ sorry for my confused behaviour on this problem.)
parent 80fe93bc

lib/gtls.c

+19 −7
Original line number Diff line number Diff line
@@ -149,13 +149,25 @@ Curl_gtls_connect(struct connectdata *conn, 
    return CURLE_SSL_CONNECT_ERROR;

  }



  if(data->set.ssl.CAfile) {

    /* set the trusted CA cert bundle file */



    /*

     * Unfortunately, if a file name is set here and this function fails for

     * whatever reason (missing file, bad file, etc), gnutls will no longer

     * handshake properly but it just loops forever. Therefore, we must return

     * error here if we get an error when setting the CA cert file name.

     *

     * (Question/report posted to the help-gnutls mailing list, April 8 2005)

     */

    rc = gnutls_certificate_set_x509_trust_file(conn->ssl[sockindex].cred,

                                                data->set.ssl.CAfile,

                                                GNUTLS_X509_FMT_PEM);

    if(rc) {

    infof(data, "error reading the ca cert file %s",

      failf(data, "error reading the ca cert file %s",

            data->set.ssl.CAfile);

      return CURLE_SSL_CACERT;

    }

  }



  /* Initialize TLS session as a client */