Changeset 200e151 for lib/ssl_openssl.c


Ignore:
Timestamp:
2011-12-23T22:40:17Z (8 years ago)
Author:
Wilmer van der Gaast <wilmer@…>
Branches:
master
Children:
5513f3e
Parents:
792a93b
Message:

tls_verify correction: Don't fail cert verification in non-GnuTLS modules
unless "cafile" setting is enabled.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • lib/ssl_openssl.c

    r792a93b r200e151  
    9191        conn->data = data;
    9292        conn->inpa = -1;
    93         conn->verify = verify;
     93        conn->verify = verify && global.conf->cafile;
    9494       
    9595        /* This function should be called via a (short) timeout instead of
     
    119119        SSL_METHOD *meth;
    120120       
    121         /* Right now we don't have any verification functionality for openssl so we
    122            fail in case verification has been requested by the user. */
     121        /* Right now we don't have any verification functionality for OpenSSL. */
    123122
    124123        if( conn->verify )
    125124        {
    126                 conn->func( conn->data, OPENSSL_VERIFY_ERROR, NULL, cond );
     125                conn->func( conn->data, 1, NULL, cond );
    127126                if( source >= 0 ) closesocket( source );
    128127                g_free( conn );
Note: See TracChangeset for help on using the changeset viewer.