Mercurial > pidgin
changeset 19218:0e17da726a8c
- x509_signed_by now accepts a signature by an X.509 version 1
certificate. Verisign (the signer of all MSN's certificates) and
possibly others have root certificates that predate the current
standards, and we can't reasonably reject Verisign certs.
author | William Ehlhardt <williamehlhardt@gmail.com> |
---|---|
date | Mon, 13 Aug 2007 22:49:45 +0000 |
parents | 5cde8ad06204 |
children | 8828d7aec7b6 |
files | libpurple/plugins/ssl/ssl-gnutls.c |
diffstat | 1 files changed, 7 insertions(+), 1 deletions(-) |
--- a/libpurple/plugins/ssl/ssl-gnutls.c Mon Aug 13 22:44:23 2007 +0000 +++ b/libpurple/plugins/ssl/ssl-gnutls.c Mon Aug 13 22:49:45 2007 +0000 @@ -697,7 +697,13 @@ /* Now, check the signature */ /* The second argument is a ptr to an array of "trusted" issuer certs, but we're only using one trusted one */ - ret = gnutls_x509_crt_verify(crt_dat, &issuer_dat, 1, 0, &verify); + ret = gnutls_x509_crt_verify(crt_dat, &issuer_dat, 1, + /* Permit signings by X.509v1 certs + (Verisign and possibly others have + root certificates that predate the + current standard) */ + GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT, + &verify); if (ret != 0) { purple_debug_error("gnutls/x509",
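Review bot: GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT is passed unconditionally in the new gnutls_x509_crt_verify() call, so it applies to every issuer handed to this function, while the inline comment justifies it only for root certificates. Because issuer_dat is supplied as the single "trusted" cert, any version 1 certificate a caller passes as the issuer is now accepted as a signer, and a v1 certificate has no basicConstraints extension to show that it is a CA at all. Consider setting the flag only when the caller knows the issuer comes from the trusted root store (for example through an extra parameter) and passing 0 otherwise. The function's doc comment should also state that v1 issuers are accepted, since the only record of that is the comment inside the argument list.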