Mon, 13 Aug 2007 22:49:45 +0000
- x509_signed_by now accepts a signature by an X.509 version 1
certificate. Verisign (the signer of all MSN's certificates) and
possibly others have root certificates that predate the current
standards, and we can't reasonably reject Verisign certs.
--- a/libpurple/plugins/ssl/ssl-gnutls.c Mon Aug 13 22:44:23 2007 +0000 +++ b/libpurple/plugins/ssl/ssl-gnutls.c Mon Aug 13 22:49:45 2007 +0000 @@ -697,7 +697,13 @@ /* Now, check the signature */ /* The second argument is a ptr to an array of "trusted" issuer certs, but we're only using one trusted one */ - ret = gnutls_x509_crt_verify(crt_dat, &issuer_dat, 1, 0, &verify); + ret = gnutls_x509_crt_verify(crt_dat, &issuer_dat, 1, + /* Permit signings by X.509v1 certs + (Verisign and possibly others have + root certificates that predate the + current standard) */ + GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT, + &verify); if (ret != 0) { purple_debug_error("gnutls/x509",
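Review bot: The `GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT` flag in the new `gnutls_x509_crt_verify` call is passed unconditionally, so any version 1 certificate handed in as `issuer_dat` is accepted as a signer, not only the Verisign roots the comment names. A version 1 certificate carries no extensions and so has no basicConstraints to mark it as a CA, which means the "trusted" label in the comment above the call rests entirely on the caller. Suggest documenting on the function that the issuer must come from the local trusted store and never from the peer-supplied chain, or setting the flag only when the caller has established that.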