https://bugs.exim.org/show_bug.cgi?id=2389
Git Commit <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #8 from Git Commit <[email protected]> --- Git commit: https://git.exim.org/exim.git/commitdiff/12d95aa62042377fc9f603245a17a43142972447 commit 12d95aa62042377fc9f603245a17a43142972447 Author: Jeremy Harris <[email protected]> AuthorDate: Sun May 19 12:12:36 2019 +0100 Commit: Jeremy Harris <[email protected]> CommitDate: Sun May 19 12:12:36 2019 +0100 GnuTLS: fix the advertising of acceptable certs by the server. Bug 2389 --- doc/doc-txt/ChangeLog | 4 ++++ src/src/tls-gnu.c | 8 ++++++++ 2 files changed, 12 insertions(+) diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index a204b37..98a4735 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -98,6 +98,10 @@ JH/19 Bug 2398: fix listing of a named-queue. Previously, even with the option queue_list_requires_admin set to false, non-admin users were denied the facility. +JH/20 Bug 2389: fix server advertising of usable certificates, under GnuTLS in + directory-of-certs mode. Previously they were advertised despite the + documentation. + Exim version 4.92 ----------------- diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c index dc8cdab..423c3a2 100644 --- a/src/src/tls-gnu.c +++ b/src/src/tls-gnu.c @@ -1143,6 +1143,14 @@ else #endif gnutls_certificate_set_x509_trust_file(state->x509_cred, CS state->exp_tls_verify_certificates, GNUTLS_X509_FMT_PEM); + +#ifdef SUPPORT_CA_DIR + /* Mimic the behaviour with OpenSSL of not advertising a usable-cert list + when using the directory-of-certs config model. */ + + if ((statbuf.st_mode & S_IFMT) == S_IFDIR) + gnutls_certificate_send_x509_rdn_sequence(state->session, 1); +#endif } if (cert_count < 0) -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
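Review bot: the JH/20 entry in the doc/doc-txt/ChangeLog hunk never states the new behaviour. "fix server advertising of usable certificates" followed by "Previously they were advertised despite the documentation" leaves the reader to infer that the list is now withheld. Suggest saying it directly, for example "the server no longer advertises a usable-cert list under GnuTLS in directory-of-certs mode", which would also match the wording of the code comment added in tls-gnu.c.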
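Review bot: in the src/src/tls-gnu.c hunk, the bare 1 passed to gnutls_certificate_send_x509_rdn_sequence(state->session, 1) is easy to misread as "enable sending", whereas in GnuTLS a non-zero status tells the server not to send the RDN sequence in its certificate request. The comment above the call should state that sense explicitly so the argument is not later "corrected" to 0. The diffstat also lists only ChangeLog and tls-gnu.c, so no test pins the directory case against the file case, which this hunk leaves unchanged; a regression test covering both would keep the behaviour aligned with the OpenSSL model the comment refers to.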
