serv, cli: ensure that invalid flag is always set
authorDaiki Ueno <ueno@gnu.org>
Wed, 12 Aug 2020 05:29:30 +0000 (07:29 +0200)
committerDaiki Ueno <ueno@gnu.org>
Wed, 12 Aug 2020 05:31:56 +0000 (07:31 +0200)
According to the documentation, the GNUTLS_CERT_INVALID flag must
always be set in case of verification failure, together with the flag
indicating the actual error cause.

Signed-off-by: Daiki Ueno <ueno@gnu.org>
src/common.c

index 753481741bbf973b9d75c42932956e0eebb9a718..2dc54d09bf625007a7bf4f3ad47fd2b5fb853626 100644 (file)
@@ -282,8 +282,11 @@ int cert_verify(gnutls_session_t session, const char *hostname, const char *purp
 
        gnutls_free(out.data);
 
-       if (status)
+       if (status) {
+               if (!(status & GNUTLS_CERT_INVALID))
+                       abort();
                return 0;
+       }
 
        return 1;
 }
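Review bot: The added `abort()` inside the `if (status)` branch terminates the whole process without any diagnostic, even though the `return 0` right after it already rejects the certificate. Since `status` presumably results from verifying the peer's certificate, a library path that reports an error cause without GNUTLS_CERT_INVALID would turn a single failed handshake into a process exit, which matters most if the server tool shares this function, as the commit title suggests. If the abort is meant as an invariant check for testing, print the reason first, e.g. `fprintf(stderr, "cert_verify: status set without GNUTLS_CERT_INVALID\n");`, or log and fall through to `return 0` outside test builds. The body of cert_verify starts outside this hunk, so how `status` is obtained is not visible here.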