gnutls-cli will no longer allow the session to proceed if DANE verification fails.

author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2014-04-19 01:21:45 +0200
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2014-04-19 01:30:22 +0200
commit: 13a4dbb6e98fd6c336d12e35095d603a894d49aa (patch)
tree: 1e9ee4e1d00b1b3c2e3323fef30a872dc57c3280 /src/cli.c
parent: 2979bddcf955448abe97a2395e643b9c578809e5 (diff)
download: gnutls-13a4dbb6e98fd6c336d12e35095d603a894d49aa.tar.gz
1 files changed, 5 insertions, 4 deletions
diff --git a/src/cli.c b/src/cli.c
index f3dc435101..d1a43fc7ad 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -483,12 +483,13 @@ static int cert_verify_callback(gnutls_session_t session)
 			if (rc < 0) {
 				fprintf(stderr, "*** DANE error: %s\n",
 					dane_strerror(rc));
-				if (!insecure && !ssh)
-					return -1;
+			} else {
+				fprintf(stderr, "- DANE: %s\n", out.data);
+				gnutls_free(out.data);
 			}
 
-			fprintf(stderr, "- DANE: %s\n", out.data);
-			gnutls_free(out.data);
+			if (!insecure && !ssh)
+				return -1;
 		}
 
 	}
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2014-04-19 01:21:45 +0200
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2014-04-19 01:30:22 +0200
commit	13a4dbb6e98fd6c336d12e35095d603a894d49aa (patch)
tree	1e9ee4e1d00b1b3c2e3323fef30a872dc57c3280 /src/cli.c
parent	2979bddcf955448abe97a2395e643b9c578809e5 (diff)
download	gnutls-13a4dbb6e98fd6c336d12e35095d603a894d49aa.tar.gz