| author | Wilmer van der Gaast <wilmer@gaast.net> | 2012-11-17 23:51:21 +0000 | 
|---|---|---|
| committer | Wilmer van der Gaast <wilmer@gaast.net> | 2012-11-17 23:51:21 +0000 | 
| commit | b0064647d06d4169f2b49f4f527ce05af43aacff (patch) | |
| tree | d1d1c7a5bd947cdb9e1931b79fa5b71c65e33cd8 /lib/ssl_gnutls.c | |
| parent | d1356cb8b0f964ddf7de50e1ba52eecc271e470a (diff) | |
| parent | e1d3f986ddad6140a25f3feffc9e28da8fc2318d (diff) | |
Merge mainline.
Diffstat (limited to 'lib/ssl_gnutls.c')
| -rw-r--r-- | lib/ssl_gnutls.c | 8 | 
1 files changed, 5 insertions, 3 deletions
diff --git a/lib/ssl_gnutls.c b/lib/ssl_gnutls.c
index 987d78cb..45d24e6e 100644
--- a/lib/ssl_gnutls.c
+++ b/lib/ssl_gnutls.c
@@ -84,8 +84,10 @@ void ssl_init( void )
 	{
 		gnutls_certificate_set_x509_trust_file( xcred, global.conf->cafile, GNUTLS_X509_FMT_PEM );
-		/* Not needed in GnuTLS 2.11+ but we support older versions for now. */
-		gnutls_certificate_set_verify_flags( xcred, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT );
+		/* Not needed in GnuTLS 2.11+ (enabled by default there) so
+		   don't do it (resets possible other defaults). */
+		if( !gnutls_check_version( "2.11" ) )
+			gnutls_certificate_set_verify_flags( xcred, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT );
 	}
 	initialized = TRUE;
@@ -107,12 +109,12 @@ void *ssl_connect( char *host, int port, gboolean verify, ssl_input_function fun
 {
 	struct scd *conn = g_new0( struct scd, 1 );
-	conn->fd = proxy_connect( host, port, ssl_connected, conn );
 	conn->func = func;
 	conn->data = data;
 	conn->inpa = -1;
 	conn->hostname = g_strdup( host );
 	conn->verify = verify && global.conf->cafile;
+	conn->fd = proxy_connect( host, port, ssl_connected, conn );
 	if( conn->fd < 0 )
 	{  | 
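Review bot: The result of `gnutls_certificate_set_x509_trust_file()` on the context line directly above the new version guard is discarded, so an unreadable or malformed `cafile` leaves `xcred` without trust anchors and nothing reports it. GnuTLS returns the number of certificates processed or a negative error code there, so the call can be wrapped as `if( gnutls_certificate_set_x509_trust_file( xcred, global.conf->cafile, GNUTLS_X509_FMT_PEM ) <= 0 )` followed by a warning through whatever logging the project uses. Verified connections would presumably then fail closed, but the operator gets no pointer to the cause. The body of `ssl_init()` starts and ends outside this hunk, so an existing check elsewhere cannot be ruled out.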
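Review bot: `conn->verify = verify && global.conf->cafile;` in `ssl_connect()` turns certificate verification off without any signal when no CA file is configured, even if the caller passed `verify` as TRUE. A caller that depends on verification then gets an unauthenticated TLS session; whether callers are warned elsewhere is not visible in this hunk. At minimum the line deserves a comment such as `/* Verification is skipped when no cafile is configured, even if the caller asked for it. */`, and refusing the connection when `verify && !global.conf->cafile` would be the safer behaviour. The rest of the function, including the `conn->fd < 0` branch, continues outside the hunk.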
