From: Simon Ruderich Date: Thu, 8 Aug 2013 19:33:18 +0000 (+0200) Subject: Minor documentation update. X-Git-Url: https://ruderich.org/simon/gitweb/?p=tlsproxy%2Ftlsproxy.git;a=commitdiff_plain;h=8c4ae426c578d53c7afcbcbc178c96a7da3614c2 Minor documentation update.
---
diff --git a/src/tlsproxy.c b/src/tlsproxy.c
index f7b9f27..8b9b6d9 100644
--- a/src/tlsproxy.c
+++ b/src/tlsproxy.c
@@ -375,7 +375,7 @@ static void initialize_gnutls(void) {
 gnutls_datum_t dh_parameters_datum;
 /* Recent versions of GnuTLS automatically initialize the cryptography layer
- * in gnutls_global_init(). */
+ * in gnutls_global_init(), including a thread-safe setup. */
 #if GNUTLS_VERSION_NUMBER <= 0x020b00
 gcry_error_t error;
diff --git a/src/verify.c b/src/verify.c
index f68d1bb..7031c28 100644
--- a/src/verify.c
+++ b/src/verify.c
@@ -79,7 +79,8 @@ int verify_tls_connection(gnutls_session_t session, const char *hostname) {
 gnutls_strerror(result));
 return -1;
 }
- /* Definitely an invalid certificate, abort. */
+ /* Definitely an invalid certificate, abort. We don't perform any CA
+ * verification so don't check for GNUTLS_CERT_INVALID. */
 if (status & GNUTLS_CERT_REVOKED
 || status & GNUTLS_CERT_SIGNER_NOT_CA
 || status & GNUTLS_CERT_INSECURE_ALGORITHM
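Review bot: The comment in initialize_gnutls() says "Recent versions" without naming the boundary, although the guard directly below it is `#if GNUTLS_VERSION_NUMBER <= 0x020b00`, so the prose and the condition can drift apart. Since the added words are a thread-safety claim, it helps to tie them to the exact version, for example `/* GnuTLS newer than 2.11.0 (see the #if below) initializes the cryptography layer in gnutls_global_init(), including a thread-safe setup. */`. The body of the `#if` branch lies outside the hunk, so whether the older-version path sets up the equivalent locking itself cannot be confirmed from here and is worth a second sentence in the comment.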
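Review bot: The comment added above the status check in verify_tls_connection() explains why GNUTLS_CERT_INVALID is ignored but not what the trust decision rests on instead, which is what someone auditing this function needs first. With no trusted CAs loaded, GnuTLS would presumably flag every peer as invalid, so stating that and naming the replacement check makes the omission clearly deliberate. A possible wording is `/* No CA list is loaded, so GNUTLS_CERT_INVALID would be set for every peer; authenticity is established by <mechanism, name it here> instead. */`. The `if` condition continues past the end of the hunk, so whether other specific flags such as expiry are also rejected cannot be seen here and should be checked against the full condition.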