Blame proftpd-1.3.4a-bug3742.patch
|
 |
8abab90 |
Index: contrib/mod_tls.c
|
|
|
8abab90 |
===================================================================
|
|
|
8abab90 |
RCS file: /cvsroot/proftp/proftpd/contrib/mod_tls.c,v
|
|
|
8abab90 |
retrieving revision 1.268
|
|
|
8abab90 |
diff -u -r1.268 mod_tls.c
|
|
|
8abab90 |
--- contrib/mod_tls.c 23 Jan 2012 01:53:28 -0000 1.268
|
|
|
8abab90 |
+++ contrib/mod_tls.c 10 Feb 2012 02:12:23 -0000
|
|
|
8abab90 |
@@ -4415,6 +4415,7 @@
|
|
|
8abab90 |
case X509_V_ERR_CERT_HAS_EXPIRED:
|
|
|
8abab90 |
case X509_V_ERR_CERT_REVOKED:
|
|
|
8abab90 |
case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
|
|
|
8abab90 |
+ case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
|
|
|
8abab90 |
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
|
|
|
8abab90 |
case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
|
|
|
8abab90 |
case X509_V_ERR_APPLICATION_VERIFICATION:
|
|
|
8abab90 |
@@ -4439,17 +4440,6 @@
|
|
|
8abab90 |
break;
|
|
|
8abab90 |
}
|
|
|
8abab90 |
|
|
|
8abab90 |
- case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
|
|
|
8abab90 |
- /* XXX this is strange. we get this error for certain clients
|
|
|
8abab90 |
- * (i.e. Jeff Altman's kftp) when all is ok. I think it's because the
|
|
|
8abab90 |
- * client is actually sending the whole CA cert. This must be figured
|
|
|
8abab90 |
- * out, but we let it pass for now. If the CA cert isn't available
|
|
|
8abab90 |
- * locally, we will fail anyway.
|
|
|
8abab90 |
- */
|
|
|
8abab90 |
- tls_log("%s", X509_verify_cert_error_string(ctx->error));
|
|
|
8abab90 |
- ok = 1;
|
|
|
8abab90 |
- break;
|
|
|
8abab90 |
-
|
|
|
8abab90 |
default:
|
|
|
8abab90 |
tls_log("error verifying client certificate: [%d] %s",
|
|
|
8abab90 |
ctx->error, X509_verify_cert_error_string(ctx->error));
|