https://bugs.exim.org/show_bug.cgi?id=2389
Git Commit <git@???> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |git@???
--- Comment #8 from Git Commit <git@???> ---
Git commit:
https://git.exim.org/exim.git/commitdiff/12d95aa62042377fc9f603245a17a43142972447
commit 12d95aa62042377fc9f603245a17a43142972447
Author: Jeremy Harris <jgh146exb@???>
AuthorDate: Sun May 19 12:12:36 2019 +0100
Commit: Jeremy Harris <jgh146exb@???>
CommitDate: Sun May 19 12:12:36 2019 +0100
GnuTLS: fix the advertising of acceptable certs by the server. Bug 2389
---
doc/doc-txt/ChangeLog | 4 ++++
src/src/tls-gnu.c | 8 ++++++++
2 files changed, 12 insertions(+)
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index a204b37..98a4735 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -98,6 +98,10 @@ JH/19 Bug 2398: fix listing of a named-queue. Previously,
even with the option
queue_list_requires_admin set to false, non-admin users were denied the
facility.
+JH/20 Bug 2389: fix server advertising of usable certificates, under GnuTLS in
+ directory-of-certs mode. Previously they were advertised despite the
+ documentation.
+
Exim version 4.92
-----------------
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index dc8cdab..423c3a2 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -1143,6 +1143,14 @@ else
#endif
gnutls_certificate_set_x509_trust_file(state->x509_cred,
CS state->exp_tls_verify_certificates, GNUTLS_X509_FMT_PEM);
+
+#ifdef SUPPORT_CA_DIR
+ /* Mimic the behaviour with OpenSSL of not advertising a usable-cert list
+ when using the directory-of-certs config model. */
+
+ if ((statbuf.st_mode & S_IFMT) == S_IFDIR)
+ gnutls_certificate_send_x509_rdn_sequence(state->session, 1);
+#endif
}
if (cert_count < 0)
--
You are receiving this mail because:
You are on the CC list for the bug.
