[Openvas-commits] r245 - in trunk/openvas-libraries: . libopenvas

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Mon Jul 2 20:29:35 CEST 2007


Author: bh
Date: 2007-07-02 20:29:34 +0200 (Mon, 02 Jul 2007)
New Revision: 245

Modified:
   trunk/openvas-libraries/ChangeLog
   trunk/openvas-libraries/libopenvas/network.c
Log:
* libopenvas/network.c (verify_peer_certificate): If the peer
did not send a certificate, treat it as valid.


Modified: trunk/openvas-libraries/ChangeLog
===================================================================
--- trunk/openvas-libraries/ChangeLog	2007-07-02 16:32:07 UTC (rev 244)
+++ trunk/openvas-libraries/ChangeLog	2007-07-02 18:29:34 UTC (rev 245)
@@ -1,5 +1,10 @@
 2007-07-02  Bernhard Herzog  <bh at intevation.de>
 
+	* libopenvas/network.c (verify_peer_certificate): If the peer
+	did not send a certificate, treat it as valid.
+
+2007-07-02  Bernhard Herzog  <bh at intevation.de>
+
 	* libopenvas/network.c (OVAS_CONNECTION_FROM_FD): New. Macro to
 	determine the nessus_connection* given a nessus file descriptor
 	(nessus_register_connection, ovas_allocate_connection): Most of
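
Review bot: The added entry at the top of this hunk leaves the file with two identical `2007-07-02  Bernhard Herzog` headers in a row, and it records the behaviour change without the reason for it. Put both items under one header, and add a sentence on why a missing peer certificate is acceptable here, since this changes what a 0 result from verify_peer_certificate means.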

Modified: trunk/openvas-libraries/libopenvas/network.c
===================================================================
--- trunk/openvas-libraries/libopenvas/network.c	2007-07-02 16:32:07 UTC (rev 244)
+++ trunk/openvas-libraries/libopenvas/network.c	2007-07-02 18:29:34 UTC (rev 245)
@@ -557,7 +557,8 @@
  * Verifies the peer's certificate.  If the certificate is not valid or
  * cannot be verified, the function prints diagnostics to stderr and
  * returns -1.  If the certificate was verified successfully the
- * function returns 0.
+ * function returns 0.  If the peer did not send a certificate, the
+ * function also returns 0.
  */
 static int
 verify_peer_certificate(gnutls_session_t session)
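
Review bot: The added sentence in the doc comment gives "peer did not send a certificate" the same return value, 0, as "verified successfully", so the documented contract no longer lets a caller tell an authenticated peer from one that presented nothing. Either document here that callers which require peer authentication must check for the presence of a certificate themselves, or give the no-certificate case its own return value and describe it in this comment.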
@@ -577,6 +578,10 @@
   int i;
 
   ret = gnutls_certificate_verify_peers2(session, &status);
+  if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND)
+    /* The peer did not send a certificate.  We treat it as a valid
+     * certificate in this function */
+    return 0;
   if (ret < 0)
     {
       tlserror("gnutls_certificate_verify_peers2", ret);
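
Review bot: The early `return 0` on `GNUTLS_E_NO_CERTIFICATE_FOUND` comes before the `ret < 0` branch, so this case skips `tlserror` and prints no diagnostic, and the caller gets the same result as a successful verification. Wherever this function is the only gate on peer identity, a peer that sends no certificate now passes it. Suggest returning a distinct non-error value for "no certificate" so the caller can decide whether that is acceptable, and emitting a diagnostic for it. The body of the new `if` spans three lines (comment plus `return`) without braces; adding braces would match the `ret < 0` block below it.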


