From: Miroslav Lichvar Date: Thu, 28 May 2009 05:55:26 +0000 (-0700) Subject: Don't prompt to save certificates that are already saved but invalid. X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ee47b955a0742c8dfc4efbb355548c458d2f2198;p=neomutt Don't prompt to save certificates that are already saved but invalid. --- diff --git a/ChangeLog b/ChangeLog index d652e6d5b..86331669d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +2009-05-27 22:52 -0700 Brendan Cully (90ef283c103e) + + * mutt_ssl_gnutls.c: Don't leak gnutls certs on preauth validation + failure. Thanks to Miroslav Lichvar. + + * mutt_ssl.c: Fix TLS certificate chain validation for + openssl. + 2009-05-25 17:31 -0700 Brendan Cully (8f11dd00c770) * mutt_ssl_gnutls.c: Fix a serious oversight validating TLS diff --git a/mutt_ssl_gnutls.c b/mutt_ssl_gnutls.c index e840694e5..09fce71fd 100644 --- a/mutt_ssl_gnutls.c +++ b/mutt_ssl_gnutls.c @@ -827,8 +827,9 @@ static int tls_check_one_certificate (const gnutls_datum_t *certdata, menu->title = title; /* certificates with bad dates, or that are revoked, must be accepted manually each and every time */ - if (SslCertFile && !(certerr & (CERTERR_EXPIRED | CERTERR_NOTYETVALID - | CERTERR_REVOKED))) + if (SslCertFile && !savedcert + && !(certerr & (CERTERR_EXPIRED | CERTERR_NOTYETVALID + | CERTERR_REVOKED))) { menu->prompt = _("(r)eject, accept (o)nce, (a)ccept always"); menu->keys = _("roa");
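Review bot: the ChangeLog hunk records changeset 90ef283c103e (the gnutls certificate leak on preauth validation failure and the openssl chain validation fix), neither of which is the change named in this commit's subject, and it adds no entry for the `!savedcert` change to mutt_ssl_gnutls.c. If the ChangeLog is regenerated from history this is harmless, but committing the refresh separately would leave the change to the certificate prompt as a self-contained diff that is easier to audit.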
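Review bot: in the mutt_ssl_gnutls.c hunk, the comment above the condition in tls_check_one_certificate still explains only the expired, not-yet-valid and revoked exclusion, so the new `!savedcert` term is undocumented. Suggest extending the comment to say that a certificate already present in the cert file is not offered "(a)ccept always" again, because it is already saved and still failed validation. Neither the assignment of `savedcert` nor the else branch appears in this hunk, so please confirm that `savedcert` is initialised on every path that reaches this test and that the fallback prompt and key set leave out the "a" choice, so that a saved-but-invalid certificate still requires a manual accept each time.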