Changelog
+Daniel (24 August 2005)
+- Fixed CA cert verification using GnuTLS with the default bundle, which
+ previously failed due to GnuTLS not allowing x509 v1 CA certs by default.
+
Daniel (19 August 2005)
- Norbert Novotny had problems with FTPS and he helped me work out a patch
that made curl run fine in his end. The key was to make sure we do the
This release includes the following bugfixes:
+ o CA cert verification with GnuTLS builds
o handles expiry times in cookie files that go beyond 32 bits in size
o several client problems with files, such as doing -d @file when the file
isn't readable now gets a warning displayed
if(data->set.ssl.CAfile) {
/* set the trusted CA cert bundle file */
+ gnutls_certificate_set_verify_flags(conn->ssl[sockindex].cred,
+ GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
+
rc = gnutls_certificate_set_x509_trust_file(conn->ssl[sockindex].cred,
data->set.ssl.CAfile,
GNUTLS_X509_FMT_PEM);
- if(rc < 0) {
+ if(rc < 0)
infof(data, "error reading ca cert file %s (%s)\n",
data->set.ssl.CAfile, gnutls_strerror(rc));
- }
+ else
+ infof(data, "found %d certificates in %s\n",
+ rc, data->set.ssl.CAfile);
}
/* Initialize TLS session as a client */
projects / platform / upstream / curl.git / commitdiff