]> ruderich.org/simon Gitweb - tlsproxy/tlsproxy.git/blobdiff - src/verify.c
ruderich.org/simon / tlsproxy / tlsproxy.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Minor documentation update.
[tlsproxy/tlsproxy.git] / src / verify.c
diff --git a/src/verify.c b/src/verify.c
index f68d1bb771a63526f93fba00623fa30061b69e9e..7031c28d85752e2f3c398d94fa057b9a35dacc9a 100644 (file)
--- a/src/verify.c
+++ b/src/verify.c
@@ -79,7 +79,8 @@ int verify_tls_connection(gnutls_session_t session, const char *hostname) {
             gnutls_strerror(result));
         return -1;
     }
-    /* Definitely an invalid certificate, abort. */
+    /* Definitely an invalid certificate, abort. We don't perform any CA
+     * verification so don't check for GNUTLS_CERT_INVALID. */
     if (status & GNUTLS_CERT_REVOKED
             || status & GNUTLS_CERT_SIGNER_NOT_CA
             || status & GNUTLS_CERT_INSECURE_ALGORITHM
Certificate verifying tlsproxy, prevents MITMs by (manipulated) CAs by verifying the server certificate.