mirror of
https://git.openldap.org/openldap/openldap.git
synced 2024-12-21 03:10:25 +08:00
ITS#5992 trust X509v1 CA certs
parent
91c359e17a
commit
54ed3779d6
@ -349,6 +349,13 @@ tlsg_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
|
|||||||
if ( rc < 0 ) return -1;
|
if ( rc < 0 ) return -1;
|
||||||
rc = 0;
|
rc = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* FIXME: ITS#5992 - this should go be configurable,
|
||||||
|
* and V1 CA certs should be phased out ASAP.
|
||||||
|
*/
|
||||||
|
gnutls_certificate_set_verify_flags( ctx->cred,
|
||||||
|
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT );
|
||||||
|
|
||||||
if ( is_server ) {
|
if ( is_server ) {
|
||||||
gnutls_dh_params_init(&ctx->dh_params);
|
gnutls_dh_params_init(&ctx->dh_params);
|
||||||
gnutls_dh_params_generate2(ctx->dh_params, DH_BITS);
|
gnutls_dh_params_generate2(ctx->dh_params, DH_BITS);
|
||||||
|
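Review bot: The `gnutls_certificate_set_verify_flags( ctx->cred, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT );` call added before `if ( is_server )` applies to every context, client and server alike, and an administrator has no way to turn it off. X.509v1 certificates carry no basicConstraints extension, so a v1 certificate in the trusted CA set is accepted as an issuer with nothing marking it as a CA, and the contents of the configured CA file or directory become the only control. Until the option the FIXME asks for exists, I would reword the comment to `/* FIXME: ITS#5992 - this should be configurable, and V1 CA certs should be phased out ASAP. Only v1 certs in the trusted CA list are accepted; keep that list minimal. */`, which also fixes the "should go be" typo. As far as I know this GnuTLS call replaces the credential's verify flags rather than OR-ing into them, so any flag added later has to be combined into this same call. `tlsg_ctx_init` starts and ends outside the hunk, so I cannot see whether `ctx->cred` is configured further elsewhere.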