author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-11-26 12:46:16 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-11-26 14:00:32 +0100 |
commit | e22f714d85bb3e659c4f6e357f27c94a9e784c57 (patch) | |
tree | a640c9e667fece863e763d3041515b85a9994da9 /lib/gnutls_cert.c | |
parent | d3a61f4ad2874f67e226bb768fecaaab31cb10f0 (diff) | |
download | gnutls-e22f714d85bb3e659c4f6e357f27c94a9e784c57.tar.gz |
Reverted default behavior for verification and introduced GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT.
Thus by default V1 trusted CAs are allowed, unless the new flag is specified.
Diffstat (limited to 'lib/gnutls_cert.c')
-rw-r--r-- | lib/gnutls_cert.c | 5 |
1 files changed, 0 insertions, 5 deletions
diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c index 5072c8ec17..633da1c7be 100644 --- a/lib/gnutls_cert.c +++ b/lib/gnutls_cert.c @@ -606,11 +606,6 @@ _gnutls_openpgp_crt_verify_peers (gnutls_session_t session, * This function uses gnutls_x509_crt_list_verify() with the CAs in * the credentials as trusted CAs. * - * Note that some commonly used X.509 Certificate Authorities are - * still using Version 1 certificates. If you want to accept them, - * you need to call gnutls_certificate_set_verify_flags() with, e.g., - * %GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT parameter. - * * Returns: a negative error code on error and zero on success. **/ int |
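Review bot: The doc comment in this hunk (lib/gnutls_cert.c, around line 606) loses its only paragraph about Version 1 CA certificates and gets nothing in its place, so a reader of the API documentation can no longer tell how V1 trusted CAs are handled. The commit message says V1 trusted CAs are now allowed by default unless GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT is specified; consider replacing the removed note with one that states this default and tells callers who want to reject V1 CAs to pass the new flag through gnutls_certificate_set_verify_flags(). Accepting V1 CAs is the more permissive setting, so the function's documentation should state it explicitly.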