changeset 19218:0e17da726a8c

- x509_signed_by now accepts a signature by an X.509 version 1 certificate. Verisign (the signer of all MSN's certificates) and possibly others have root certificates that predate the current standards, and we can't reasonably reject Verisign certs.
author William Ehlhardt <williamehlhardt@gmail.com>
date Mon, 13 Aug 2007 22:49:45 +0000
parents 5cde8ad06204
children 8828d7aec7b6
files libpurple/plugins/ssl/ssl-gnutls.c
diffstat 1 files changed, 7 insertions(+), 1 deletions(-) [+]
--- a/libpurple/plugins/ssl/ssl-gnutls.c	Mon Aug 13 22:44:23 2007 +0000
+++ b/libpurple/plugins/ssl/ssl-gnutls.c	Mon Aug 13 22:49:45 2007 +0000
@@ -697,7 +697,13 @@
 	/* Now, check the signature */
 	/* The second argument is a ptr to an array of "trusted" issuer certs,
 	   but we're only using one trusted one */
-	ret = gnutls_x509_crt_verify(crt_dat, &issuer_dat, 1, 0, &verify);
+	ret = gnutls_x509_crt_verify(crt_dat, &issuer_dat, 1,
+				     /* Permit signings by X.509v1 certs
+					(Verisign and possibly others have
+					root certificates that predate the
+					current standard) */
+				     GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT,
+				     &verify);
 	
 	if (ret != 0) {
 		purple_debug_error("gnutls/x509",
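Review bot: `GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT` is now passed on every `gnutls_x509_crt_verify` call here, and because `issuer_dat` is handed in as the only "trusted" certificate, any version 1 certificate a caller supplies as issuer is accepted as a signer. Version 1 certificates have no basicConstraints extension, so nothing in the certificate itself marks it as a CA. This is only safe if every caller takes the issuer from the local trusted CA pool and never from the chain the peer presented; the callers are outside this hunk, so that needs confirming. I would put the requirement in the comment, e.g. `/* issuer MUST come from the trusted CA pool: a v1 cert has no CA flag to check */`. It may also be worth logging when `gnutls_x509_crt_get_version(issuer_dat) == 1` so that reliance on legacy roots shows up in debug output. The enclosing function starts and ends outside the hunk.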