From caa8c8e884aee29dba56d23bb1685d16fb118788 Mon Sep 17 00:00:00 2001
From: Paul Beckingham
Date: Sun, 26 Apr 2015 20:51:08 -0400
Subject: [PATCH] TLS: Fixed cert verification bug
- When a cert was unreadable, instead of exiting verification with a value of GNUTLS_E_CERTIFICATE_ERROR, the value was assigned to 'status', which has different semantics.
---
 src/TLSClient.cpp | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/TLSClient.cpp b/src/TLSClient.cpp
index ef466d29f..244d94bfd 100644
--- a/src/TLSClient.cpp
+++ b/src/TLSClient.cpp
@@ -298,7 +298,6 @@ int TLSClient::verify_certificate () const
 // This verification function uses the trusted CAs in the credentials
 // structure. So you must have installed one or more CA certificates.
 unsigned int status = 0;
- const char* hostname = _host.c_str();
 #if GNUTLS_VERSION_NUMBER >= 0x030104
 if (_trust == TLSClient::ignore_hostname)
@@ -350,7 +349,7 @@ int TLSClient::verify_certificate () const
 if (_debug)
 std::cout << "c: ERROR x509 cert import. " << gnutls_strerror (ret) << "\n";
 gnutls_x509_crt_deinit(cert);
- status = GNUTLS_E_CERTIFICATE_ERROR;
+ return GNUTLS_E_CERTIFICATE_ERROR;
 }
 if (gnutls_x509_crt_check_hostname (cert, hostname) == 0)
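Review bot: The first hunk deletes `const char* hostname = _host.c_str();`, yet the trailing context of the second hunk still calls `gnutls_x509_crt_check_hostname (cert, hostname)`, so that manual hostname check now depends on a declaration of `hostname` that is not visible in either hunk. If no other declaration survives elsewhere in verify_certificate, the branch doing the manual check would stop compiling, and it is presumably the one built against older GnuTLS (the `#if GNUTLS_VERSION_NUMBER >= 0x030104` split starts right after the deletion); it is worth building both sides of that `#if` before merging. On the second hunk, a short comment above the new return would stop a later edit from reintroducing the fall-through, for example `// Fail closed: 'cert' is already released and 'status' carries verification flags, not GNUTLS_E_* codes.`. verify_certificate begins and ends outside both hunks, so the surrounding control flow could not be checked here.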