2012-09-19 [colin] 3.8.1cvs64

[claws.git] / src / common / ssl.c

diff --git a/src/common/ssl.c b/src/common/ssl.c
index c87ed4316784eeca832aff075c6a9d9041811af7..e64be3b3889f6f14d10afc4a0fcb744ce953727b 100644 (file)
--- a/src/common/ssl.c
+++ b/src/common/ssl.c
@@ -266,9 +266,6 @@ gboolean ssl_init_socket_with_method(SockInfo *sockinfo, SSLMethod method)
        if (session == NULL || r != 0)
                return FALSE;
 
-#if GNUTLS_VERSION_NUMBER < 0x030003
-       gnutls_transport_set_lowat (session, 0); 
-#endif
        if (method == 0)
                gnutls_priority_set_direct(session, "NORMAL:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-TLS1.2", NULL);
        else
@@ -288,7 +285,7 @@ gboolean ssl_init_socket_with_method(SockInfo *sockinfo, SSLMethod method)
        }
        gnutls_certificate_set_verify_flags (xcred, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
 
-       gnutls_transport_set_ptr(session, (gnutls_transport_ptr) sockinfo->sock);
+       gnutls_transport_set_ptr(session, (gnutls_transport_ptr) GINT_TO_POINTER(sockinfo->sock));
        gnutls_session_set_ptr(session, sockinfo);
        gnutls_certificate_client_set_retrieve_function(xcred, gnutls_client_cert_cb);
 
@@ -316,7 +313,7 @@ gboolean ssl_init_socket_with_method(SockInfo *sockinfo, SSLMethod method)
 
        r = gnutls_certificate_verify_peers2(session, &status);
 
-       if (!ssl_certificate_check(cert, status, sockinfo->hostname, sockinfo->port)) {
+       if (r < 0 || !ssl_certificate_check(cert, status, sockinfo->hostname, sockinfo->port)) {
                gnutls_x509_crt_deinit(cert);
                gnutls_certificate_free_credentials(xcred);
                gnutls_deinit(session);