Commit ea1ea1e5 authored by Kevin J. McCarthy's avatar Kevin J. McCarthy

Fix gnutls (a)lways to properly save for all certerr values.

For the case of SIGNERNOTCA, INSECUREALG, or a newer unhandled value,
the "(a)ccept always" prompt was allowed, but the cert saving was
prevented by a check only against NOTTRUSTED.  This ended up giving a
strange error message saying the cert was not saved.

Fix to save the cert for all errors except HOSTNAME (which is handled
separately).
parent 85ac2c1d
......@@ -1053,7 +1053,8 @@ static int tls_check_one_certificate (const gnutls_datum_t *certdata,
fprintf(fp, "#H %s %s\n", hostname, fpbuf);
done = 1;
}
if (certerr & CERTERR_NOTTRUSTED)
/* Save the cert for all other errors */
if (certerr ^ CERTERR_HOSTNAME)
{
done = 0;
ret = gnutls_pem_base64_encode_alloc ("CERTIFICATE", certdata,
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment