Don't prevent compilation on GnuTLS <3.5.0, and add comment on OpenSS…

…L/GnuTLS difference Discussion of OpenSSL/GnuTLS difference with client cert issuer mistmatch: https: //github.com/curl/curl/issues/1411 Signed-off-by: Daniel Lenski <dlenski@gmail.com>
sailfishos-mirror · Mar 30, 2020 · 6345f7b · 6345f7b
1 parent c698cca
commit 6345f7b
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/gnutls.c b/gnutls.c
@@ -56,6 +56,14 @@ static int gnutls_pin_callback(void *priv, int attempt, const char *uri,
 #define GNUTLS_E_PREMATURE_TERMINATION GNUTLS_E_UNEXPECTED_PACKET_LENGTH
 #endif
 
+/* GnuTLS 3.5.0 added this flag to send a client cert, even if its issuer is
+ * mismatched to the list of issuers requested by the server. OpenSSL does
+ * this by default.
+ * https://github.com/curl/curl/issues/1411
+ */
+#ifndef GNUTLS_FORCE_CLIENT_CERT
+#define GNUTLS_FORCE_CLIENT_CERT 0
+#endif
 
 /* Compile-time optimisable GnuTLS version check. We should never be
  * run against a version of GnuTLS which is *older* than the one we