Check for EOF while reading the HTTP request.

[tlsproxy/tlsproxy.git] / src / verify.c

diff --git a/src/verify.c b/src/verify.c
index f68d1bb771a63526f93fba00623fa30061b69e9e..855c5d21c4bcf470fb9d036523a984e7c4a3a6aa 100644 (file)
--- a/src/verify.c
+++ b/src/verify.c
@@ -79,7 +79,8 @@ int verify_tls_connection(gnutls_session_t session, const char *hostname) {
             gnutls_strerror(result));
         return -1;
     }
-    /* Definitely an invalid certificate, abort. */
+    /* Definitely an invalid certificate, abort. We don't perform any CA
+     * verification so don't check for GNUTLS_CERT_INVALID. */
     if (status & GNUTLS_CERT_REVOKED
             || status & GNUTLS_CERT_SIGNER_NOT_CA
             || status & GNUTLS_CERT_INSECURE_ALGORITHM
@@ -236,13 +237,13 @@ static int get_certificate_path(const char *format,
 }
 
 int proxy_certificate_path(const char *hostname, char *path, size_t size) {
-    return get_certificate_path(PROXY_SERVER_CERT_FORMAT,
+    return get_certificate_path(PROXY_SERVER_CERT_FILE_FORMAT,
                                 hostname, path, size);
 }
 
 int server_certificate_file(FILE **file, const char *hostname,
                             char *path, size_t size) {
-    if (get_certificate_path(STORED_SERVER_CERT_FORMAT,
+    if (get_certificate_path(STORED_SERVER_CERT_FILE_FORMAT,
                              hostname, path, size) != 0) {
         LOG_PERROR(ERROR, "server_certificate_file(): failed to get path");
         return -1;