X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=src%2Fverify.c;h=dfc6bfb2930c4f1f31dc2775bfb8cd600e50075d;hb=772b48529c4ed7b7e81846c3b56075aaf97e9ea6;hp=96c49a51b7f23ff0502dbfeeec3d1163052943ed;hpb=c5059d4c1e7f0de5a466d471e7ee26b6ccce8396;p=tlsproxy%2Ftlsproxy.git diff --git a/src/verify.c b/src/verify.c index 96c49a5..dfc6bfb 100644 --- a/src/verify.c +++ b/src/verify.c @@ -20,9 +20,8 @@ #include "tlsproxy.h" #include "verify.h" -/* errno */ #include -/* gnutls_x509_*() */ + #include @@ -41,8 +40,8 @@ int verify_tls_connection(gnutls_session_t session, const char *hostname) { unsigned int cert_list_size; FILE *file; char buffer[66]; /* one line in a PEM file is 64 bytes + '\n' + '\0' */ - char server_cert[8192]; - char stored_cert[8192]; + char server_cert[16384]; + char stored_cert[16384]; result = gnutls_certificate_verify_peers2(session, &status); /* Verification failed (!= invalid certificate but worse), no need for any @@ -148,7 +147,7 @@ int verify_tls_connection(gnutls_session_t session, const char *hostname) { fclose(file); /* Check if the server certificate matches our stored certificate. */ - if (strcmp(stored_cert, server_cert) != 0) { + if (strcmp(stored_cert, server_cert)) { LOG(LOG_ERROR, "verify_tls_connection(): server certificate changed!", path, strerror(errno));
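Review bot: The new limit 16384 is hard-coded twice, in the declarations of `server_cert` and `stored_cert`, and the code that fills both buffers lies outside this hunk, so it cannot be confirmed from here that every copy is bounded by the buffer size. A single named constant, for example `enum { MAX_CERT_PEM_SIZE = 16384 };` with `char server_cert[MAX_CERT_PEM_SIZE];` and `char stored_cert[MAX_CERT_PEM_SIZE];`, would keep both sides of the later comparison the same size. A short comment next to it should state that a certificate which does not fit must make verification fail instead of being compared in truncated form, provided the fill code really behaves that way. The body of verify_tls_connection continues before and after this hunk.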
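Review bot: Dropping `!= 0` from the certificate comparison makes the pinning check harder to read, because `if (strcmp(a, b))` is easily mistaken for "if equal", and this is the one place where that mistake would accept a changed certificate. I would keep `if (strcmp(stored_cert, server_cert) != 0) {`. The LOG call in the context lines passes `path, strerror(errno)` although the visible message has no conversion specifiers, and strcmp does not set errno, so these arguments look like leftovers from a file-error message and should be removed. The block opened by this `if` closes outside the hunk.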