#endif
gnutls_certificate_set_x509_trust_file(state->x509_cred,
CS state->exp_tls_verify_certificates, GNUTLS_X509_FMT_PEM);
+
+#ifdef SUPPORT_CA_DIR
+ /* Mimic the behaviour with OpenSSL of not advertising a usable-cert list
+ when using the directory-of-certs config model. */
+
+ if ((statbuf.st_mode & S_IFMT) == S_IFDIR)
+ gnutls_certificate_send_x509_rdn_sequence(state->session, 1);
+#endif
}
if (cert_count < 0)
}
#ifndef DISABLE_OCSP
-if (require_ocsp)
+if (request_ocsp)
{
DEBUG(D_tls)
{
{
tlsp->ocsp = OCSP_FAILED;
tls_error(US"certificate status check failed", NULL, state->host, errstr);
- return FALSE;
+ if (require_ocsp)
+ return FALSE;
+ }
+ else
+ {
+ DEBUG(D_tls) debug_printf("Passed OCSP checking\n");
+ tlsp->ocsp = OCSP_VFIED;
}
- DEBUG(D_tls) debug_printf("Passed OCSP checking\n");
- tlsp->ocsp = OCSP_VFIED;
}
#endif