Don't prompt to save certificates that are already saved but invalid.
authorMiroslav Lichvar <mlichvar@redhat.com>
Thu, 28 May 2009 05:55:26 +0000 (22:55 -0700)
committerMiroslav Lichvar <mlichvar@redhat.com>
Thu, 28 May 2009 05:55:26 +0000 (22:55 -0700)
ChangeLog
mutt_ssl_gnutls.c

index d652e6d5ba97f67abc264ebf33a3b7c3b7f721c6..86331669d98c7d3d26e0396848a0e3b57df78b8b 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2009-05-27 22:52 -0700  Brendan Cully  <brendan@kublai.com>  (90ef283c103e)
+
+       * mutt_ssl_gnutls.c: Don't leak gnutls certs on preauth validation
+       failure. Thanks to Miroslav Lichvar.
+
+       * mutt_ssl.c: Fix TLS certificate chain validation for
+       openssl.
+
 2009-05-25 17:31 -0700  Brendan Cully  <brendan@kublai.com>  (8f11dd00c770)
 
        * mutt_ssl_gnutls.c: Fix a serious oversight validating TLS
index e840694e59f01d23d12e554471780d2543f17cb6..09fce71fd3ee3539b46d886edba4e2ab86946686 100644 (file)
@@ -827,8 +827,9 @@ static int tls_check_one_certificate (const gnutls_datum_t *certdata,
   menu->title = title;
   /* certificates with bad dates, or that are revoked, must be
    accepted manually each and every time */
-  if (SslCertFile && !(certerr & (CERTERR_EXPIRED | CERTERR_NOTYETVALID
-                                  | CERTERR_REVOKED)))
+  if (SslCertFile && !savedcert
+        && !(certerr & (CERTERR_EXPIRED | CERTERR_NOTYETVALID
+                        | CERTERR_REVOKED)))
   {
     menu->prompt = _("(r)eject, accept (o)nce, (a)ccept always");
     menu->keys = _("roa");
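Review bot: The comment above the changed condition still gives only bad dates and revocation as reasons for withholding "accept always", so the new `!savedcert` term on the `if (SslCertFile && !savedcert` line is undocumented. `savedcert` is assigned outside this hunk; assuming it means the certificate was already found in SslCertFile, the comment could be extended to `/* ...; a certificate that is already saved but still fails validation is not offered for saving again */`. The rest of tls_check_one_certificate, including the else branch and the key handling, lies outside the hunk. It is worth confirming there that the save path cannot be reached when the prompt omits "(a)ccept always", so a saved-but-invalid certificate is never appended a second time.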