diff options
| author | Ted Zlatanov | 2014-03-17 17:29:56 -0400 |
|---|---|---|
| committer | Ted Zlatanov | 2014-03-17 17:29:56 -0400 |
| commit | 525d9a3cec58d0526c71a7080b07ad4c6fed7ec9 (patch) | |
| tree | 402deb06e2b4446f3509fad238d970675f46386f /src | |
| parent | adbfe42cd90d69b436bc791cf1b73cd2bffc64ca (diff) | |
| download | emacs-525d9a3cec58d0526c71a7080b07ad4c6fed7ec9.tar.gz emacs-525d9a3cec58d0526c71a7080b07ad4c6fed7ec9.zip | |
gnutls.c (Fgnutls_boot): Fix case of :verify-error = t.
Diffstat (limited to 'src')
| -rw-r--r-- | src/ChangeLog | 4 | ||||
| -rw-r--r-- | src/gnutls.c | 17 |
2 files changed, 17 insertions, 4 deletions
diff --git a/src/ChangeLog b/src/ChangeLog index 54c07f960f1..1330e5ed132 100644 --- a/src/ChangeLog +++ b/src/ChangeLog | |||
| @@ -1,3 +1,7 @@ | |||
| 1 | 2014-03-17 Teodor Zlatanov <tzz@lifelogs.com> | ||
| 2 | |||
| 3 | * gnutls.c (Fgnutls_boot): Fix case of :verify-error = t. | ||
| 4 | |||
| 1 | 2014-03-16 Eli Zaretskii <eliz@gnu.org> | 5 | 2014-03-16 Eli Zaretskii <eliz@gnu.org> |
| 2 | 6 | ||
| 3 | * search.c (find_newline): Speed up the function when using the | 7 | * search.c (find_newline): Speed up the function when using the |
diff --git a/src/gnutls.c b/src/gnutls.c index dd975b160cd..03c29d03014 100644 --- a/src/gnutls.c +++ b/src/gnutls.c | |||
| @@ -786,6 +786,7 @@ one trustfile (usually a CA bundle). */) | |||
| 786 | { | 786 | { |
| 787 | int ret = GNUTLS_E_SUCCESS; | 787 | int ret = GNUTLS_E_SUCCESS; |
| 788 | int max_log_level = 0; | 788 | int max_log_level = 0; |
| 789 | bool verify_error_all = 0; | ||
| 789 | 790 | ||
| 790 | gnutls_session_t state; | 791 | gnutls_session_t state; |
| 791 | gnutls_certificate_credentials_t x509_cred = NULL; | 792 | gnutls_certificate_credentials_t x509_cred = NULL; |
| @@ -825,8 +826,14 @@ one trustfile (usually a CA bundle). */) | |||
| 825 | verify_error = Fplist_get (proplist, QCgnutls_bootprop_verify_error); | 826 | verify_error = Fplist_get (proplist, QCgnutls_bootprop_verify_error); |
| 826 | prime_bits = Fplist_get (proplist, QCgnutls_bootprop_min_prime_bits); | 827 | prime_bits = Fplist_get (proplist, QCgnutls_bootprop_min_prime_bits); |
| 827 | 828 | ||
| 828 | if (NILP (Flistp (verify_error))) | 829 | if (EQ (verify_error, Qt)) |
| 829 | error ("gnutls-boot: invalid :verify_error parameter (not a list)"); | 830 | { |
| 831 | verify_error_all = 1; | ||
| 832 | } | ||
| 833 | else if (NILP (Flistp (verify_error))) | ||
| 834 | { | ||
| 835 | error ("gnutls-boot: invalid :verify_error parameter (not a list)"); | ||
| 836 | } | ||
| 830 | 837 | ||
| 831 | if (!STRINGP (hostname)) | 838 | if (!STRINGP (hostname)) |
| 832 | error ("gnutls-boot: invalid :hostname parameter (not a string)"); | 839 | error ("gnutls-boot: invalid :hostname parameter (not a string)"); |
| @@ -1071,7 +1078,8 @@ one trustfile (usually a CA bundle). */) | |||
| 1071 | 1078 | ||
| 1072 | if (peer_verification != 0) | 1079 | if (peer_verification != 0) |
| 1073 | { | 1080 | { |
| 1074 | if (!NILP (Fmember (QCgnutls_bootprop_trustfiles, verify_error))) | 1081 | if (verify_error_all |
| 1082 | || !NILP (Fmember (QCgnutls_bootprop_trustfiles, verify_error))) | ||
| 1075 | { | 1083 | { |
| 1076 | emacs_gnutls_deinit (proc); | 1084 | emacs_gnutls_deinit (proc); |
| 1077 | error ("Certificate validation failed %s, verification code %d", | 1085 | error ("Certificate validation failed %s, verification code %d", |
| @@ -1120,7 +1128,8 @@ one trustfile (usually a CA bundle). */) | |||
| 1120 | 1128 | ||
| 1121 | if (!fn_gnutls_x509_crt_check_hostname (gnutls_verify_cert, c_hostname)) | 1129 | if (!fn_gnutls_x509_crt_check_hostname (gnutls_verify_cert, c_hostname)) |
| 1122 | { | 1130 | { |
| 1123 | if (!NILP (Fmember (QCgnutls_bootprop_hostname, verify_error))) | 1131 | if (verify_error_all |
| 1132 | || !NILP (Fmember (QCgnutls_bootprop_hostname, verify_error))) | ||
| 1124 | { | 1133 | { |
| 1125 | fn_gnutls_x509_crt_deinit (gnutls_verify_cert); | 1134 | fn_gnutls_x509_crt_deinit (gnutls_verify_cert); |
| 1126 | emacs_gnutls_deinit (proc); | 1135 | emacs_gnutls_deinit (proc); |