Allow X509 v1 certificates.

diff --git a/src/ChangeLog b/src/ChangeLog
index a973ddd394d4eb48cab5ca2bd36f4d822442b1e4..efecdc82f74304f9ce094530fae618c937b17a28 100644 (file)
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2011-04-07  Giuseppe Scrivano  <gscrivano@gnu.org>
+
+       * gnutls.c (ssl_init): Allow X509 v1 certificates.
+       Suggested by: Ray Satiro <raysatiro@yahoo.com>
+
 2011-04-07  Ray Satiro  <raysatiro@yahoo.com> (tiny change)
 
        (wgnutls_read): Check for the GNUTLS_E_AGAIN return code in the recv

diff --git a/src/gnutls.c b/src/gnutls.c
index 34a619ca610dc396c9f048a95989fa6f26955847..50957e5c3e74c87dc9f707f789590502d31dec51 100644 (file)
--- a/src/gnutls.c
+++ b/src/gnutls.c
@@ -67,6 +67,8 @@ ssl_init ()
 
   gnutls_global_init ();
   gnutls_certificate_allocate_credentials (&credentials);
+  gnutls_certificate_set_verify_flags(credentials,
+                                      GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
 
   ca_directory = opt.ca_directory ? opt.ca_directory : "/etc/ssl/certs";