TLS client: fix certificate loading from file

gnutls_certificate_set_x509_trust_file could theoretically return 0
to indicate nothing was read, so we need to check for this as well.

diff --git a/daemon/tls.c b/daemon/tls.c
index 7c92be92a466e518d40424ece57ae38f50b367f1..cf1080720928181c6c75db46186f5ed91bad0234 100644 (file)
--- a/daemon/tls.c
+++ b/daemon/tls.c
@@ -620,7 +620,7 @@ int tls_client_params_set(map_t *tls_client_paramlist,
                        } else {
                                int res = gnutls_certificate_set_x509_trust_file(entry->credentials, value,
                                                                                 GNUTLS_X509_FMT_PEM);
-                               if (res < 0) {
+                               if (res <= 0) {
                                        kr_log_error("[tls_client] failed to import certificate file '%s' (%s)\n",
                                                     value, gnutls_strerror_name(res));
                                        /* value will be freed at cleanup */