mirror of
https://git.openldap.org/openldap/openldap.git
synced 2024-12-21 03:10:25 +08:00
ITS#5992 trust X509v1 CA certs
parent
91c359e17a
commit
54ed3779d6
@ -349,6 +349,13 @@ tlsg_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
|
||||
if ( rc < 0 ) return -1;
|
||||
rc = 0;
|
||||
}
|
||||
|
||||
/* FIXME: ITS#5992 - this should go be configurable,
|
||||
* and V1 CA certs should be phased out ASAP.
|
||||
*/
|
||||
gnutls_certificate_set_verify_flags( ctx->cred,
|
||||
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT );
|
||||
|
||||
if ( is_server ) {
|
||||
gnutls_dh_params_init(&ctx->dh_params);
|
||||
gnutls_dh_params_generate2(ctx->dh_params, DH_BITS);
|
||||
|
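Review bot: The `gnutls_certificate_set_verify_flags( ctx->cred, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT )` call is unconditional, so every client and server context built by tlsg_ctx_init now accepts trusted X.509v1 certificates as issuers. A v1 certificate has no basicConstraints extension, so verification cannot tell a CA from an end-entity certificate, and any v1 certificate that ends up in the configured trust list can then sign a chain that validates. The FIXME already says this should be configurable; I would put the call behind an explicit opt-in setting that defaults to off and state the consequence in the comment, e.g. `/* V1 certs carry no CA flag: every trusted V1 cert can act as an issuer */`. As far as I know this GnuTLS call sets the flag word rather than OR-ing into it, so any verify flags placed on ctx->cred earlier would be replaced; whether any are is not visible here, because tlsg_ctx_init starts and ends outside the hunk.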