| @@ -1,29 +1,31 @@ | | | @@ -1,29 +1,31 @@ |
1 | $NetBSD: patch-ac,v 1.7 2012/07/05 10:30:58 drochner Exp $ | | 1 | $NetBSD: patch-ac,v 1.8 2013/01/17 15:55:31 joerg Exp $ |
2 | | | 2 | |
3 | --- wmbiff/tlsComm.c.orig 2004-10-11 00:29:47.000000000 +0000 | | 3 | --- wmbiff/tlsComm.c.orig 2004-10-11 00:29:47.000000000 +0000 |
4 | +++ wmbiff/tlsComm.c | | 4 | +++ wmbiff/tlsComm.c |
5 | @@ -385,7 +385,7 @@ int | | 5 | @@ -385,16 +385,16 @@ int |
6 | tls_check_certificate(struct connection_state *scs, | | 6 | tls_check_certificate(struct connection_state *scs, |
7 | const char *remote_hostname) | | 7 | const char *remote_hostname) |
8 | { | | 8 | { |
9 | - int certstat; | | 9 | - int certstat; |
10 | + int verify_ret, certstat; | | 10 | + int verify_ret, certstat; |
11 | const gnutls_datum *cert_list; | | 11 | const gnutls_datum *cert_list; |
12 | int cert_list_size = 0; | | 12 | int cert_list_size = 0; |
13 | gnutls_x509_crt cert; | | 13 | gnutls_x509_crt cert; |
14 | @@ -394,7 +394,7 @@ tls_check_certificate(struct connection_ | | 14 | |
| | | 15 | if (gnutls_auth_get_type(scs->tls_state) != GNUTLS_CRD_CERTIFICATE) { |
15 | bad_certificate(scs, "Unable to get certificate from peer.\n"); | | 16 | bad_certificate(scs, "Unable to get certificate from peer.\n"); |
16 | return; /* bad_cert will exit if -skip-certificate-check was not given */ | | 17 | - return; /* bad_cert will exit if -skip-certificate-check was not given */ |
| | | 18 | + return 0; /* bad_cert will exit if -skip-certificate-check was not given */ |
17 | } | | 19 | } |
18 | - certstat = gnutls_certificate_verify_peers(scs->tls_state); | | 20 | - certstat = gnutls_certificate_verify_peers(scs->tls_state); |
19 | + verify_ret = gnutls_certificate_verify_peers2(scs->tls_state, &certstat); | | 21 | + verify_ret = gnutls_certificate_verify_peers2(scs->tls_state, &certstat); |
20 | if (certstat == GNUTLS_E_NO_CERTIFICATE_FOUND) { | | 22 | if (certstat == GNUTLS_E_NO_CERTIFICATE_FOUND) { |
21 | bad_certificate(scs, "server presented no certificate.\n"); | | 23 | bad_certificate(scs, "server presented no certificate.\n"); |
22 | #ifdef GNUTLS_CERT_CORRUPTED | | 24 | #ifdef GNUTLS_CERT_CORRUPTED |
23 | @@ -412,10 +412,12 @@ tls_check_certificate(struct connection_ | | 25 | @@ -412,10 +412,12 @@ tls_check_certificate(struct connection_ |
24 | "server's certificate is invalid or not X.509.\n" | | 26 | "server's certificate is invalid or not X.509.\n" |
25 | "there may be a problem with the certificate stored in your certfile\n"); | | 27 | "there may be a problem with the certificate stored in your certfile\n"); |
26 | } | | 28 | } |
27 | +#ifdef GNUTLS_CERT_NOT_TRUSTED | | 29 | +#ifdef GNUTLS_CERT_NOT_TRUSTED |
28 | } else if (certstat & GNUTLS_CERT_NOT_TRUSTED) { | | 30 | } else if (certstat & GNUTLS_CERT_NOT_TRUSTED) { |
29 | TDM(DEBUG_INFO, "server's certificate is not trusted.\n"); | | 31 | TDM(DEBUG_INFO, "server's certificate is not trusted.\n"); |
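Review bot: On the new side, the check right after the `gnutls_certificate_verify_peers2()` call still compares `certstat` with `GNUTLS_E_NO_CERTIFICATE_FOUND`, and `verify_ret` is never read in the lines shown. With the `_peers2` form, negative error codes come back in the return value and `certstat` receives only the `GNUTLS_CERT_*` status bits, so that branch is not expected to fire for a missing certificate, and a failed call can leave `certstat` (declared without an initializer) unset before the bit tests below. The comparison should read `if (verify_ret == GNUTLS_E_NO_CERTIFICATE_FOUND) {`, with any other negative `verify_ret` routed to `bad_certificate()` before `certstat` is examined. The body of tls_check_certificate continues outside the lines shown, so confirm no later hunk already handles this; the `return 0;` this revision adds is also worth checking against what callers take 0 to mean when the certificate check was skipped.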