From f992ba117fe420a7231f005e62627380689d57ab Mon Sep 17 00:00:00 2001
From: Jaakko Keränen <jaakko.keranen@iki.fi>
Date: Tue, 2 Mar 2021 13:05:02 +0200
Subject: Server certificates may also be verified by CAs

If the CA file/path are configured in preferences, trust CA verification
over manual TOFU checks.
---
 src/gmrequest.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'src/gmrequest.c')

diff --git a/src/gmrequest.c b/src/gmrequest.c
index 0208dc94..ea0a2d80 100644
--- a/src/gmrequest.c
+++ b/src/gmrequest.c
@@ -163,6 +163,9 @@ static void checkServerCertificate_GmRequest_(iGmRequest *d) {
         if (checkTrust_GmCerts(d->certs, domain, cert)) {
             resp->certFlags |= trusted_GmCertFlag;
         }
+        if (verify_TlsCertificate(cert) == authority_TlsCertificateVerifyStatus) {
+            resp->certFlags |= authorityVerified_GmCertFlag;
+        }
         validUntil_TlsCertificate(cert, &resp->certValidUntil);
         set_String(&resp->certSubject, collect_String(subject_TlsCertificate(cert)));
     }
-- 
cgit v1.2.3