Minor documentation update.
authorSimon Ruderich <simon@ruderich.org>
Thu, 8 Aug 2013 19:33:18 +0000 (21:33 +0200)
committerSimon Ruderich <simon@ruderich.org>
Thu, 8 Aug 2013 19:33:18 +0000 (21:33 +0200)
src/tlsproxy.c
src/verify.c

index f7b9f27553a193b4cd8cfcb312af08a0c0c6ede8..8b9b6d92e1bb3309010b54a7240900a23419268c 100644 (file)
@@ -375,7 +375,7 @@ static void initialize_gnutls(void) {
     gnutls_datum_t dh_parameters_datum;
 
 /* Recent versions of GnuTLS automatically initialize the cryptography layer
- * in gnutls_global_init(). */
+ * in gnutls_global_init(), including a thread-safe setup. */
 #if GNUTLS_VERSION_NUMBER <= 0x020b00
     gcry_error_t error;
 
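Review bot: The reworded comment in initialize_gnutls() still says "recent versions" without naming the boundary, while the guard directly below it is `#if GNUTLS_VERSION_NUMBER <= 0x020b00`, so a reader checking the thread-safety claim has to decode the constant. I would tie the two together, e.g. `/* GnuTLS newer than 2.11.0 (0x020b00) initializes the cryptography layer, including a thread-safe setup, in gnutls_global_init(). */`. The function body continues outside the hunk, so how the legacy branch sets up thread safety for the older library is not visible here; if it does so manually, the same comment should say it.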
index f68d1bb771a63526f93fba00623fa30061b69e9e..7031c28d85752e2f3c398d94fa057b9a35dacc9a 100644 (file)
@@ -79,7 +79,8 @@ int verify_tls_connection(gnutls_session_t session, const char *hostname) {
             gnutls_strerror(result));
         return -1;
     }
-    /* Definitely an invalid certificate, abort. */
+    /* Definitely an invalid certificate, abort. We don't perform any CA
+     * verification so don't check for GNUTLS_CERT_INVALID. */
     if (status & GNUTLS_CERT_REVOKED
             || status & GNUTLS_CERT_SIGNER_NOT_CA
             || status & GNUTLS_CERT_INSECURE_ALGORITHM
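Review bot: The comment added above the `status &` test in verify_tls_connection() explains why GNUTLS_CERT_INVALID is ignored but not what authenticates the server instead. With CA verification skipped, the listed flags alone do not establish trust, and a later maintainer could read this check as the whole validation. I would add one line pointing at the real trust decision, e.g. `* Trust is decided by <name of the check that actually authenticates the server>, not by these flags.` The condition is a list of individual bits and continues past the end of the hunk, so it is worth confirming there that flags such as GNUTLS_CERT_EXPIRED and GNUTLS_CERT_NOT_ACTIVATED are handled deliberately rather than passing silently.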