return false;
gnutls_certificate_set_dh_params(x509_cred, dh_params);
+ gnutls_certificate_set_flags(x509_cred, GNUTLS_CERTIFICATE_VERIFY_CRLS);
cert_file = Conf_SSLOptions.CertFile ?
Conf_SSLOptions.CertFile : Conf_SSLOptions.KeyFile;
return false;
}
}
- Log(LOG_INFO, "Storing new X509 certificate credentials in slot %zd.", x509_cred_idx);
+ LogDebug("Storing new X509 certificate credentials in slot %zd.", x509_cred_idx);
slot->x509_cred = x509_cred;
slot->refcnt = 0;
gnutls_mac_get_name(gnutls_mac_get(sess)));
cred = gnutls_auth_get_type(c->ssl_state.gnutls_session);
if (cred == GNUTLS_CRD_CERTIFICATE) {
- cert_seen = true;
-
gnutls_x509_crt_t cert;
unsigned cert_list_size;
const gnutls_datum_t *cert_list =
gnutls_certificate_get_peers(sess, &cert_list_size);
- if (!cert_list || cert_list_size == 0) {
- Log(LOG_ERR, "No certificates found");
+
+ if (!cert_list || cert_list_size == 0)
goto done_cn_validation;
- }
+
+ cert_seen = true;
int err = gnutls_x509_crt_init(&cert);
if (err < 0) {
Log(LOG_ERR,