Fix gnutls (a)lways to properly save for all certerr values.

For the case of SIGNERNOTCA, INSECUREALG, or a newer unhandled value,
the "(a)ccept always" prompt was allowed, but the cert saving was
prevented by a check only against NOTTRUSTED.  This ended up giving a
strange error message saying the cert was not saved.

Fix to save the cert for all errors except HOSTNAME (which is handled
separately).

diff --git a/mutt_ssl_gnutls.c b/mutt_ssl_gnutls.c
index 77346a48878d9898b5149bf3b4b0cd71640ed17d..42ba14479b6c26d7c044f7b1331128603614e7d7 100644 (file)
--- a/mutt_ssl_gnutls.c
+++ b/mutt_ssl_gnutls.c
@@ -1053,7 +1053,8 @@ static int tls_check_one_certificate (const gnutls_datum_t *certdata,
            fprintf(fp, "#H %s %s\n", hostname, fpbuf);
            done = 1;
          }
-         if (certerr & CERTERR_NOTTRUSTED)
+          /* Save the cert for all other errors */
+         if (certerr ^ CERTERR_HOSTNAME)
          {
             done = 0;
            ret = gnutls_pem_base64_encode_alloc ("CERTIFICATE", certdata,