X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=src%2Fverify.c;h=855c5d21c4bcf470fb9d036523a984e7c4a3a6aa;hb=f012f75b2ed64fe9955b1dc2013c06e054bafd7f;hp=f68d1bb771a63526f93fba00623fa30061b69e9e;hpb=8f9459308e695a30874a6cdcd53aa26441b87131;p=tlsproxy%2Ftlsproxy.git

diff --git a/src/verify.c b/src/verify.c
index f68d1bb..855c5d2 100644
--- a/src/verify.c
+++ b/src/verify.c
@@ -79,7 +79,8 @@ int verify_tls_connection(gnutls_session_t session, const char *hostname) {
             gnutls_strerror(result));
         return -1;
     }
-    /* Definitely an invalid certificate, abort. */
+    /* Definitely an invalid certificate, abort. We don't perform any CA
+     * verification so don't check for GNUTLS_CERT_INVALID. */
     if (status & GNUTLS_CERT_REVOKED
             || status & GNUTLS_CERT_SIGNER_NOT_CA
             || status & GNUTLS_CERT_INSECURE_ALGORITHM
@@ -236,13 +237,13 @@ static int get_certificate_path(const char *format,
 }
 
 int proxy_certificate_path(const char *hostname, char *path, size_t size) {
-    return get_certificate_path(PROXY_SERVER_CERT_FORMAT,
+    return get_certificate_path(PROXY_SERVER_CERT_FILE_FORMAT,
                                 hostname, path, size);
 }
 
 int server_certificate_file(FILE **file, const char *hostname,
                             char *path, size_t size) {
-    if (get_certificate_path(STORED_SERVER_CERT_FORMAT,
+    if (get_certificate_path(STORED_SERVER_CERT_FILE_FORMAT,
                              hostname, path, size) != 0) {
         LOG_PERROR(ERROR, "server_certificate_file(): failed to get path");
         return -1;