[glib-networking] Stop using GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT

From: Michael Catanzaro <mcatanzaro src gnome org>
To: commits-list gnome org
Cc:
Subject: [glib-networking] Stop using GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT
Date: Tue, 13 Mar 2018 18:12:13 +0000 (UTC)

commit 26a0d2c907e83a0c8dabbf9b3ce937bee2f794fe
Author: Michael Catanzaro <mcatanzaro igalia com>
Date:   Sun Mar 11 15:14:15 2018 -0500

    Stop using GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT
    
    This deprecated flag was removed several years ago, and is now just
    defined to 0.

 tls/gnutls/gtlscertificate-gnutls.c     |    3 +--
 tls/gnutls/gtlsconnection-gnutls.c      |    2 --
 tls/gnutls/gtlsdatabase-gnutls-pkcs11.c |    2 +-
 3 files changed, 2 insertions(+), 5 deletions(-)
---
diff --git a/tls/gnutls/gtlscertificate-gnutls.c b/tls/gnutls/gtlscertificate-gnutls.c
index d5545b3..6a506ad 100644
--- a/tls/gnutls/gtlscertificate-gnutls.c
+++ b/tls/gnutls/gtlscertificate-gnutls.c
@@ -349,8 +349,7 @@ g_tls_certificate_gnutls_verify (GTlsCertificate     *cert,
       ca = priv->cert;
       status = gnutls_x509_crt_list_verify (chain, num_certs,
                                             &ca, 1,
-                                            NULL, 0,
-                                            GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT,
+                                            NULL, 0, 0,
                                             &gnutls_flags);
       if (status != 0)
         {
diff --git a/tls/gnutls/gtlsconnection-gnutls.c b/tls/gnutls/gtlsconnection-gnutls.c
index c3b1938..e5ab896 100644
--- a/tls/gnutls/gtlsconnection-gnutls.c
+++ b/tls/gnutls/gtlsconnection-gnutls.c
@@ -252,8 +252,6 @@ g_tls_connection_gnutls_init (GTlsConnectionGnutls *gnutls)
   gint unique_id;
 
   gnutls_certificate_allocate_credentials (&priv->creds);
-  gnutls_certificate_set_verify_flags (priv->creds,
-                                       GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
 
   priv->need_handshake = TRUE;
 
diff --git a/tls/gnutls/gtlsdatabase-gnutls-pkcs11.c b/tls/gnutls/gtlsdatabase-gnutls-pkcs11.c
index f68c7e8..788c90a 100644
--- a/tls/gnutls/gtlsdatabase-gnutls-pkcs11.c
+++ b/tls/gnutls/gtlsdatabase-gnutls-pkcs11.c
@@ -1044,7 +1044,7 @@ g_tls_database_gnutls_pkcs11_verify_chain (GTlsDatabase             *database,
 
   gerr = gnutls_x509_crt_list_verify (certs, certs_length,
                                       anchors, anchors_length,
-                                      NULL, 0, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT,
+                                      NULL, 0, 0,
                                       &gnutls_result);
 
   g_free (certs);

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]