gnutls_strerror(result));
return -1;
}
- /* Definitely an invalid certificate, abort. */
+ /* Definitely an invalid certificate, abort. We don't perform any CA
+ * verification so don't check for GNUTLS_CERT_INVALID. */
if (status & GNUTLS_CERT_REVOKED
|| status & GNUTLS_CERT_SIGNER_NOT_CA
|| status & GNUTLS_CERT_INSECURE_ALGORITHM