]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
gnutls-cli will no longer allow the session to proceed if DANE verification fails.
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Fri, 18 Apr 2014 23:21:45 +0000 (01:21 +0200)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Fri, 18 Apr 2014 23:30:22 +0000 (01:30 +0200)
src/cli.c

index f3dc4351019cfc6907c6ecb46bfb319cf28f0a0a..d1a43fc7ad06e4319f2958b94928d0e9edbc2c03 100644 (file)
--- a/src/cli.c
+++ b/src/cli.c
@@ -483,12 +483,13 @@ static int cert_verify_callback(gnutls_session_t session)
                        if (rc < 0) {
                                fprintf(stderr, "*** DANE error: %s\n",
                                        dane_strerror(rc));
-                               if (!insecure && !ssh)
-                                       return -1;
+                       } else {
+                               fprintf(stderr, "- DANE: %s\n", out.data);
+                               gnutls_free(out.data);
                        }
 
-                       fprintf(stderr, "- DANE: %s\n", out.data);
-                       gnutls_free(out.data);
+                       if (!insecure && !ssh)
+                               return -1;
                }
 
        }