From 3638b837cc03974a5641d69e45bc1d0efd08d034 Mon Sep 17 00:00:00 2001
From: Mike Blumenkrantz
Date: Thu, 28 Oct 2010 13:15:36 +0000
Subject: [PATCH] only set openssl verify when needed to avoid some handshake errors
SVN revision: 53955
---
 legacy/ecore/src/lib/ecore_con/ecore_con_ssl.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/legacy/ecore/src/lib/ecore_con/ecore_con_ssl.c b/legacy/ecore/src/lib/ecore_con/ecore_con_ssl.c
index 15dfd382c8..26c586cfb1 100644
--- a/legacy/ecore/src/lib/ecore_con/ecore_con_ssl.c
+++ b/legacy/ecore/src/lib/ecore_con/ecore_con_ssl.c
@@ -989,8 +989,6 @@ _ecore_con_ssl_server_prepare_openssl(Ecore_Con_Server *svr, int ssl_type)
 else if (!svr->use_cert)
 SSL_ERROR_CHECK_GOTO_ERROR(!SSL_CTX_set_cipher_list(svr->ssl_ctx, "aNULL:!eNULL:!LOW:!EXPORT:!ECDH:RSA:AES:!PSK:@STRENGTH"));
- SSL_CTX_set_verify(svr->ssl_ctx, SSL_VERIFY_PEER, NULL);
-
 return ECORE_CON_SSL_ERROR_NONE;
 error:
@@ -1068,6 +1066,7 @@ _ecore_con_ssl_server_init_openssl(Ecore_Con_Server *svr)
 /* not verifying certificates, so we're done! */
 return ECORE_CON_SSL_ERROR_NONE;
+ SSL_set_verify(svr->ssl, SSL_VERIFY_PEER, NULL);
 /* use CRL/CA lists to verify */
 if (SSL_get_peer_certificate(svr->ssl))
 SSL_ERROR_CHECK_GOTO_ERROR(SSL_get_verify_result(svr->ssl));
@@ -1297,7 +1296,7 @@ _ecore_con_ssl_client_init_openssl(Ecore_Con_Client *cl)
 if (!cl->host_server->verify)
 /* not verifying certificates, so we're done! */
 return ECORE_CON_SSL_ERROR_NONE;
-
+ SSL_set_verify(cl->ssl, SSL_VERIFY_PEER, NULL);
 /* use CRL/CA lists to verify */
 if (SSL_get_peer_certificate(cl->ssl))
 SSL_ERROR_CHECK_GOTO_ERROR(SSL_get_verify_result(cl->ssl));
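Review bot: The verification that follows the added `SSL_set_verify(svr->ssl, SSL_VERIFY_PEER, NULL)` still passes when the peer sent no certificate, because `if (SSL_get_peer_certificate(svr->ssl))` skips `SSL_get_verify_result()` entirely in that case. When `svr->verify` is set, a missing certificate should be treated as an error, e.g. `X509 *cert = SSL_get_peer_certificate(svr->ssl); SSL_ERROR_CHECK_GOTO_ERROR(!cert);` followed by `X509_free(cert);`, since the getter returns a new reference that the visible code never releases. The function body starts outside the hunk, but the "so we're done" comment suggests the handshake has already run by this point; if so, setting the verify mode here cannot influence that handshake and the call belongs before it. The same pattern is added for `cl->ssl` in `_ecore_con_ssl_client_init_openssl`.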
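Review bot: On the accepting side `SSL_VERIFY_PEER` alone does not require a client certificate, so a client that presents none is still accepted: `SSL_get_peer_certificate(cl->ssl)` returns NULL and the `SSL_get_verify_result()` check is skipped. If `cl->host_server->verify` is meant to enforce client authentication, the mode should be `SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT`. A server only requests a client certificate when the mode is in place before the handshake; whether that holds here cannot be confirmed, because the function body starts outside the hunk.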