Trivial change to option c), see http://savannah.gnu.org/bugs/?41331.

> f. Just read .pem and .crt file

This might introduce regressions. These extensions are not standardized, at
least not that I know of. E.g. the Java cert package is a single file named
'cacerts'.

Tim
From 52ad0a54c6ac578d2663a3a902dfea9ca472552c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim Rühsen?= <[email protected]>
Date: Tue, 18 Nov 2014 14:23:27 +0100
Subject: [PATCH] Report load failure of cert files only with --debug

Fixes #41331
---
 src/ChangeLog | 5 +++++
 src/gnutls.c  | 3 +--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/ChangeLog b/src/ChangeLog
index 87b1feb..34d6258 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,5 +1,10 @@
 2014-11-17  Tim Ruehsen  <[email protected]>

+	* gnutls.c (ssl_init): Report load failure of cert files from
+          cert directory only with --debug. Fixes #41331.
+
+2014-11-17  Tim Ruehsen  <[email protected]>
+
 	* http.c: use c_strncasecmp() in BEGINS_WITH macro
           and in STARTS macro

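Review bot: The new entry is placed under its own "2014-11-17  Tim Ruehsen" header while the http.c entry directly below carries an identical header, so the ChangeLog ends up with two consecutive blocks for the same date and author. Put both items under one header. Also check the date, since the patch itself is dated 18 Nov 2014, and indent the continuation line "cert directory only with --debug. Fixes #41331." to match the tab-indented line above it.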
diff --git a/src/gnutls.c b/src/gnutls.c
index 1744245..dc9444f 100644
--- a/src/gnutls.c
+++ b/src/gnutls.c
@@ -138,8 +138,7 @@ ssl_init (void)
               hash_table_put (inode_map, (void *)(intptr_t) st.st_ino, NULL);
               if ((rc = gnutls_certificate_set_x509_trust_file (credentials, ca_file,
                                                                 GNUTLS_X509_FMT_PEM)) <= 0)
-                logprintf (LOG_NOTQUIET, _("ERROR: Failed to open cert %s: (%d).\n"),
-                           ca_file, rc);
+                DEBUGP (("WARNING: Failed to open cert %s: (%d).\n", ca_file, rc));
               else
                 ncerts += rc;
             }
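Review bot: With the message moved into DEBUGP at the `<= 0` branch, a trust file that fails to load now produces no output at all unless --debug is given, so a user whose CA directory is partly or wholly unreadable only sees later verification failures with no hint about the cause. Since `ncerts` is already accumulated in the else branch, consider keeping one message at normal verbosity when it is still zero after the loop, and leave the per-file detail at debug level. The branch also covers rc == 0, where the file was read but no certificate was added, so "Failed to open cert" is misleading in that case; distinguishing rc < 0 and printing gnutls_strerror (rc) instead of the bare number would make the debug line more useful.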
--
2.1.3
