Restore leniance in certificate key usage violations
It was removed in 256d8e2 because the purpose was unclear. It turns
out that the automatically generated self signed certificates will
have Key Encipherment and Data Encipherment set as key usage, but
the required ones are Digital Signature and Key Encipherment. A
proper certificate generally doesn't have this issue, but connecting
to stand alone machines without a proper certificate is common.
Unfortunately the %COMPAT flag is the only thing that makes GnuTLS
tolerate this bug, but that flag also allows a lot of other protocol
violations.
This commit is contained in:
Pierre Ossman
parent
fdb2da450a
commit
5ce283806c
5
tcp.c
5
tcp.c
@ -55,7 +55,10 @@
|
|||||||
#define INADDR_NONE ((unsigned long) -1)
|
#define INADDR_NONE ((unsigned long) -1)
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#define GNUTLS_PRIORITY "NORMAL"
|
/* Windows' self signed certificates omit the required Digital
|
||||||
|
Signature key usage flag, and only %COMPAT makes GnuTLS ignore
|
||||||
|
that violation. */
|
||||||
|
#define GNUTLS_PRIORITY "NORMAL:%COMPAT"
|
||||||
|
|
||||||
#ifdef IPv6
|
#ifdef IPv6
|
||||||
static struct addrinfo *g_server_address = NULL;
|
static struct addrinfo *g_server_address = NULL;
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user