dir = opendir (ca_directory);
if (dir == NULL)
{
- if (opt.ca_directory)
+ if (opt.ca_directory && *opt.ca_directory)
logprintf (LOG_NOTQUIET, _("ERROR: Cannot open directory %s.\n"),
opt.ca_directory);
}
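Review bot: The message prints `opt.ca_directory` while the call that failed is `opendir (ca_directory)`, so whenever the two differ (for instance a fallback path assigned outside this hunk) a failure to open the CA directory is reported nowhere. An unreadable CA directory means no trust anchors are loaded from it, so a debug-level line naming `ca_directory` in the quiet case would help when certificate verification fails later. A short comment such as `/* An empty opt.ca_directory counts as unset: stay quiet when only the default path is missing. */` would also explain the new `*opt.ca_directory` test.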
{
struct wgnutls_transport_context *ctx;
gnutls_session_t session;
- int err;
+ int err,alert;
gnutls_init (&session, GNUTLS_CLIENT);
+ const char *str;
/* We set the server name but only if it's not an IP address. */
if (! is_valid_ip_address (hostname))
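Review bot: `const char *str;` is declared after the `gnutls_init` call, which is a declaration after a statement; C89 compilers reject that and it breaks the declarations-first layout of the lines above. Move it up beside `int err, alert;` (with a space after the comma), or declare `alert` and `str` inside the alert-handling block, which is the only place they are used. The visible lines also do not check the return value of `gnutls_init`, so a failed initialisation would appear to reach the later calls with an unusable session; the function starts outside this hunk, so confirm against the full body.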
break;
case secure_protocol_sslv2:
case secure_protocol_sslv3:
- err = gnutls_priority_set_direct (session, "NORMAL:-VERS-TLS-ALL", NULL);
+ err = gnutls_priority_set_direct (session, "NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0", NULL);
break;
case secure_protocol_tlsv1:
err = gnutls_priority_set_direct (session, "NORMAL:-VERS-SSL3.0", NULL);
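Review bot: Both `secure_protocol_sslv2` and `secure_protocol_sslv3` now resolve to an SSL 3.0-only session, so a user who asked for SSLv2 silently gets a different protocol, and SSL 3.0 itself is deprecated (RFC 7568) because of its padding-oracle weakness (POODLE). A comment on the case would record that this is deliberate, e.g. `/* GnuTLS has no SSLv2; both options force SSL 3.0, which is deprecated and insecure. */`, and a `LOG_NOTQUIET` warning when this branch is taken would make the weak protocol choice visible to the user. GnuTLS builds without SSL 3.0 support will presumably reject this priority string, so the `err` check that follows the switch (outside this hunk) should report that clearly.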
return false;
}
- err = gnutls_handshake (session);
+ /* We don't stop the handshake process for non-fatal errors */
+ do
+ {
+ err = gnutls_handshake (session);
+ if (err < 0)
+ {
+ logprintf (LOG_NOTQUIET, "GnuTLS: %s\n", gnutls_strerror (err));
+ if (err == GNUTLS_E_WARNING_ALERT_RECEIVED ||
+ err == GNUTLS_E_FATAL_ALERT_RECEIVED)
+ {
+ alert = gnutls_alert_get (session);
+ str = gnutls_alert_get_name (alert);
+ if (str == NULL)
+ str = "(unknown)";
+ logprintf (LOG_NOTQUIET, "GnuTLS: received alert [%d]: %s\n", alert, str);
+ }
+ }
+ }
+ while (err == GNUTLS_E_WARNING_ALERT_RECEIVED && gnutls_error_is_fatal (err) == 0);
+
if (err < 0)
{
- logprintf (LOG_NOTQUIET, "GnuTLS: %s\n", gnutls_strerror (err));
gnutls_deinit (session);
return false;
}
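Review bot: The retry loop around `gnutls_handshake` has no upper bound, so a peer that keeps sending warning-level alerts holds the client in the handshake indefinitely and adds two log lines per iteration; a small retry cap would bound both. In the `while` condition the `gnutls_error_is_fatal (err) == 0` test is redundant next to the equality with `GNUTLS_E_WARNING_ALERT_RECEIVED`, and the comment above promises retries on non-fatal errors in general while only that one code is retried. If the general behaviour is intended, the condition could read `while (err < 0 && gnutls_error_is_fatal (err) == 0 && ++tries < max_tries);` with `tries` and `max_tries` as new locals (placeholder names); otherwise narrow the comment to say warning alerts only. Whether `GNUTLS_E_AGAIN` and `GNUTLS_E_INTERRUPTED` should be retried this way depends on the socket being blocking, which is not visible here, and the enclosing function starts outside the hunk.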