From 8c4ae426c578d53c7afcbcbc178c96a7da3614c2 Mon Sep 17 00:00:00 2001 From: Simon Ruderich Date: Thu, 8 Aug 2013 21:33:18 +0200 Subject: [PATCH] Minor documentation update. --- src/tlsproxy.c | 2 +- src/verify.c | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/src/tlsproxy.c b/src/tlsproxy.c index f7b9f27..8b9b6d9 100644 --- a/src/tlsproxy.c +++ b/src/tlsproxy.c @@ -375,7 +375,7 @@ static void initialize_gnutls(void) { gnutls_datum_t dh_parameters_datum; /* Recent versions of GnuTLS automatically initialize the cryptography layer - * in gnutls_global_init(). */ + * in gnutls_global_init(), including a thread-safe setup. */ #if GNUTLS_VERSION_NUMBER <= 0x020b00 gcry_error_t error; diff --git a/src/verify.c b/src/verify.c index f68d1bb..7031c28 100644 --- a/src/verify.c +++ b/src/verify.c @@ -79,7 +79,8 @@ int verify_tls_connection(gnutls_session_t session, const char *hostname) { gnutls_strerror(result)); return -1; } - /* Definitely an invalid certificate, abort. */ + /* Definitely an invalid certificate, abort. We don't perform any CA + * verification so don't check for GNUTLS_CERT_INVALID. */ if (status & GNUTLS_CERT_REVOKED || status & GNUTLS_CERT_SIGNER_NOT_CA || status & GNUTLS_CERT_INSECURE_ALGORITHM -- 2.45.2