Changeset 1184:8c340f832127 in freeDiameter for libfdcore
- Timestamp:
- Jun 6, 2013, 8:05:36 PM (11 years ago)
- Branch:
- default
- Phase:
- public
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
libfdcore/config.c
r1181 r1184 279 279 } 280 280 281 /* If the CA is not provided, let's use the same file (assuming self-signed certificate) */282 if ((!fd_g_config->cnf_sec_data.tls_disabled) && (!fd_g_config->cnf_sec_data.ca_file)) {283 CHECK_MALLOC( fd_g_config->cnf_sec_data.ca_file = strdup(fd_g_config->cnf_sec_data.cert_file) );284 CHECK_GNUTLS_DO( fd_g_config->cnf_sec_data.ca_file_nr += gnutls_certificate_set_x509_trust_file(285 fd_g_config->cnf_sec_data.credentials,286 fd_g_config->cnf_sec_data.ca_file,287 GNUTLS_X509_FMT_PEM),288 {289 TRACE_ERROR("Unable to use the local certificate as trusted security anchor (CA), please provide a valid TLS_CA='...' directive.");290 return EINVAL;291 } );292 }293 294 295 281 /* Resolve hostname if not provided */ 296 282 if (fd_g_config->cnf_diamid == NULL) { … … 453 439 fd_log_debug("TLS: Local certificate chain '%s' is invalid :", fd_g_config->cnf_sec_data.cert_file); 454 440 if (output & GNUTLS_CERT_SIGNER_NOT_FOUND) 455 TRACE_ERROR(" - The certificate hasn't got a known issuer. ");441 TRACE_ERROR(" - The certificate hasn't got a known issuer. Did you forget to specify TLS_CA ?"); 456 442 if (output & GNUTLS_CERT_SIGNER_NOT_CA) 457 443 TRACE_ERROR(" - The certificate signer is not a CA, or uses version 1, or 3 without basic constraints.");
Note: See TracChangeset
for help on using the changeset viewer.