X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=src%2Fverify.c;h=e361e01b56c676c3ac32f9d4532e43c275e0632d;hb=8a50081c2a92d1e91501cd74adb3f3472f2bea2b;hp=487ad2ede213e1fc266d4e890fc5ce5ee50f1980;hpb=62bffb28964ae13d193414f747a25703a2583f77;p=tlsproxy%2Ftlsproxy.git

diff --git a/src/verify.c b/src/verify.c
index 487ad2e..e361e01 100644
--- a/src/verify.c
+++ b/src/verify.c
@@ -40,8 +40,8 @@ int verify_tls_connection(gnutls_session_t session, const char *hostname) {
     unsigned int cert_list_size;
     FILE *file;
     char buffer[66]; /* one line in a PEM file is 64 bytes + '\n' + '\0' */
-    char server_cert[8192];
-    char stored_cert[8192];
+    char server_cert[16384];
+    char stored_cert[16384];
 
     result = gnutls_certificate_verify_peers2(session, &status);
     /* Verification failed (!= invalid certificate but worse), no need for any
@@ -136,10 +136,10 @@ int verify_tls_connection(gnutls_session_t session, const char *hostname) {
         strcat(stored_cert, buffer);
     }
     if (ferror(file)) {
-        fclose(file);
         LOG(LOG_WARNING,
             "verify_tls_connection(): failed to read from '%s': %s",
             path, strerror(errno));
+        fclose(file);
 
         LOG(LOG_DEBUG, "server certificate:\n%s", server_cert);
         return -1;