From: Miroslav Lichvar Date: Thu, 28 May 2009 05:55:26 +0000 (-0700) Subject: Don't prompt to save certificates that are already saved but invalid. X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7a28961db9f52e019d4a0ff7644b962d846e479d;p=mutt Don't prompt to save certificates that are already saved but invalid. --- diff --git a/ChangeLog b/ChangeLog index d652e6d5..86331669 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +2009-05-27 22:52 -0700 Brendan Cully (90ef283c103e) + + * mutt_ssl_gnutls.c: Don't leak gnutls certs on preauth validation + failure. Thanks to Miroslav Lichvar. + + * mutt_ssl.c: Fix TLS certificate chain validation for + openssl. + 2009-05-25 17:31 -0700 Brendan Cully (8f11dd00c770) * mutt_ssl_gnutls.c: Fix a serious oversight validating TLS diff --git a/mutt_ssl_gnutls.c b/mutt_ssl_gnutls.c index e840694e..09fce71f 100644 --- a/mutt_ssl_gnutls.c +++ b/mutt_ssl_gnutls.c @@ -827,8 +827,9 @@ static int tls_check_one_certificate (const gnutls_datum_t *certdata, menu->title = title; /* certificates with bad dates, or that are revoked, must be accepted manually each and every time */ - if (SslCertFile && !(certerr & (CERTERR_EXPIRED | CERTERR_NOTYETVALID - | CERTERR_REVOKED))) + if (SslCertFile && !savedcert + && !(certerr & (CERTERR_EXPIRED | CERTERR_NOTYETVALID + | CERTERR_REVOKED))) { menu->prompt = _("(r)eject, accept (o)nce, (a)ccept always"); menu->keys = _("roa");
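Review bot: The two ChangeLog entries added at the top of the file (the gnutls cert leak on preauth validation failure in mutt_ssl_gnutls.c, and the openssl chain validation fix in mutt_ssl.c) do not describe this commit, whose subject is about not prompting to save certificates that are already saved but invalid. If the ChangeLog is maintained by hand, add an entry for the prompt change in mutt_ssl_gnutls.c. If it is regenerated from history, keep that refresh in its own commit so that this diff carries only the change to the certificate prompt.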
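Review bot: The comment above the changed condition in tls_check_one_certificate still names only bad dates and revocation as reasons for withholding "(a)ccept always", so the new `!savedcert` term is undocumented. Extend the comment to say that a certificate already present in the certificate file is not offered for saving again. `savedcert` is assigned outside the visible context, so please confirm it is set only when the presented certificate exactly matches a stored entry, since it now decides whether the user is offered the save option at all.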