From 4bc13bf709850eb7844c5cb8351e2acd30d25ed9 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Sun, 11 Jan 2015 13:05:28 +0200
Subject: [PATCH] GnuTLS: Check for any unknown verification failure

After having checked all known GNUTLS_CERT_* error cases that we care about, check that no other errors have been indicated by gnutls_certificate_verify_peers2() as a reason to reject negotiation.

Signed-off-by: Jouni Malinen
---
 src/crypto/tls_gnutls.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/crypto/tls_gnutls.c b/src/crypto/tls_gnutls.c
index cfee60665..cdfb4f9c7 100644
--- a/src/crypto/tls_gnutls.c
+++ b/src/crypto/tls_gnutls.c
@@ -713,6 +713,13 @@ static int tls_connection_verify_peer(gnutls_session_t session)
 goto out;
 }

+ if (status != 0) {
+ wpa_printf(MSG_INFO, "TLS: Unknown verification status: %d",
+ status);
+ err = GNUTLS_A_INTERNAL_ERROR;
+ goto out;
+ }
+
 os_get_time(&now);

 certs = gnutls_certificate_get_peers(session, &num_certs);
-- 
2.47.2
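Review bot: The catch-all `if (status != 0)` logs the leftover verification flags with `%d`, which makes a bitmask of GNUTLS_CERT_* values hard to read and is a signedness mismatch if `status` is the unsigned int that gnutls_certificate_verify_peers2() fills in (its declaration is outside this hunk, as is the rest of tls_connection_verify_peer). Printing it as `"TLS: Unknown verification status: 0x%x"` lets whoever reads the log map the remaining bits back to flag names. A one-line comment above the check, such as `/* Fail closed: reject on any status bit not handled above */`, would record that this test must stay after the specific GNUTLS_CERT_* cases, so that a later reordering does not replace a specific failure reason with the generic one. The alert chosen is GNUTLS_A_INTERNAL_ERROR; `GNUTLS_A_CERTIFICATE_UNKNOWN` may describe the condition to the peer more accurately, provided no caller depends on the current value.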