summaryrefslogtreecommitdiff
path: root/mail/mutt/files/patch-gnutls-CN-validation
diff options
context:
space:
mode:
Diffstat (limited to 'mail/mutt/files/patch-gnutls-CN-validation')
-rw-r--r--mail/mutt/files/patch-gnutls-CN-validation29
1 files changed, 29 insertions, 0 deletions
diff --git a/mail/mutt/files/patch-gnutls-CN-validation b/mail/mutt/files/patch-gnutls-CN-validation
new file mode 100644
index 000000000000..e19608b86571
--- /dev/null
+++ b/mail/mutt/files/patch-gnutls-CN-validation
@@ -0,0 +1,29 @@
+--- mutt_ssl_gnutls.c.orig
++++ mutt_ssl_gnutls.c
+@@ -999,6 +999,7 @@
+ unsigned int cert_list_size = 0;
+ gnutls_certificate_status certstat;
+ int certerr, i, preauthrc, savedcert, rc = 0;
++ int rcpeer;
+
+ if (gnutls_auth_get_type (state) != GNUTLS_CRD_CERTIFICATE)
+ {
+@@ -1024,6 +1025,9 @@
+ for (i = 0; i < cert_list_size; i++) {
+ rc = tls_check_preauth(&cert_list[i], certstat, conn->account.host, i,
+ &certerr, &savedcert);
++ if (i == 0)
++ rcpeer = rc;
++
+ preauthrc += rc;
+
+ if (savedcert)
+@@ -1049,7 +1053,7 @@
+ dprint (1, (debugfile, "error trusting certificate %d: %d\n", i, rc));
+
+ certstat = tls_verify_peers (state);
+- if (!certstat)
++ if (!certstat && !rcpeer)
+ return 1;
+ }
+ }
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-31 09:30:45 +0000