#include "tlsproxy.h"
#include "verify.h"
-/* errno */
#include <errno.h>
-/* gnutls_x509_*() */
+
#include <gnutls/x509.h>
unsigned int cert_list_size;
FILE *file;
char buffer[66]; /* one line in a PEM file is 64 bytes + '\n' + '\0' */
- char server_cert[8192];
- char stored_cert[8192];
+ char server_cert[16384];
+ char stored_cert[16384];
result = gnutls_certificate_verify_peers2(session, &status);
/* Verification failed (!= invalid certificate but worse), no need for any
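Review bot: No bound is visible on the `strcat(stored_cert, buffer)` that fills these arrays, so doubling `server_cert` and `stored_cert` to 16384 only moves the limit rather than enforcing it. If a length check exists outside the shown lines, it should compare against `sizeof(stored_cert)` rather than a literal, so that it follows the new size automatically. The two arrays could also share one named constant, for example `enum { CERT_PEM_MAX = 16384 };`, so that they cannot drift apart. The declarations belong to a function whose start and end are outside this hunk.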
strcat(stored_cert, buffer);
}
if (ferror(file)) {
- fclose(file);
LOG(LOG_WARNING,
"verify_tls_connection(): failed to read from '%s': %s",
path, strerror(errno));
+ fclose(file);
LOG(LOG_DEBUG, "server certificate:\n%s", server_cert);
return -1;
fclose(file);
/* Check if the server certificate matches our stored certificate. */
- if (strcmp(stored_cert, server_cert) != 0) {
+ if (strcmp(stored_cert, server_cert)) {
LOG(LOG_ERROR,
"verify_tls_connection(): server certificate changed!",
path, strerror(errno));
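Review bot: The `LOG(LOG_ERROR, ...)` call for the changed-certificate case passes `path, strerror(errno)` to a format string with no conversion specifiers, and errno carries no meaning after a `strcmp` mismatch. Assuming these three lines are contiguous in the file, the call should be `LOG(LOG_ERROR, "verify_tls_connection(): server certificate changed!");`. In the same hunk, `if (strcmp(stored_cert, server_cert))` reads like an equality test; keeping `!= 0` makes the pinning-mismatch branch harder to misread. The moved `fclose(file)` in the `ferror` branch deserves a comment such as `/* log before fclose(), which may overwrite errno */` so the order is not reverted later. The enclosing function continues outside the hunk.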