diff options
Diffstat (limited to 'src/common')
-rw-r--r-- | src/common/server.c | 2 | ||||
-rw-r--r-- | src/common/ssl.c | 21 | ||||
-rw-r--r-- | src/common/ssl.h | 2 |
3 files changed, 12 insertions, 13 deletions
diff --git a/src/common/server.c b/src/common/server.c index 1825117c..f90ce28f 100644 --- a/src/common/server.c +++ b/src/common/server.c @@ -772,7 +772,7 @@ server_connect_success (server *serv) /* it'll be a memory leak, if connection isn't terminated by server_cleanup() */ - if ((err = _SSL_set_verify (serv->ctx, ssl_cb_verify, NULL))) + if ((err = _SSL_set_verify (serv->ctx, ssl_cb_verify))) { EMIT_SIGNAL (XP_TE_CONNFAIL, serv->server_session, err, NULL, NULL, NULL, 0); diff --git a/src/common/ssl.c b/src/common/ssl.c index 0eb78bd7..e7f7e0a8 100644 --- a/src/common/ssl.c +++ b/src/common/ssl.c @@ -321,23 +321,22 @@ _SSL_socket (SSL_CTX *ctx, int sd) char * -_SSL_set_verify (SSL_CTX *ctx, void *verify_callback, char *cacert) +_SSL_set_verify (SSL_CTX *ctx, void *verify_callback) { - if (!SSL_CTX_set_default_verify_paths (ctx)) +#ifdef DEFAULT_CERT_FILE + if (!SSL_CTX_load_verify_locations (ctx, DEFAULT_CERT_FILE, NULL)) { - __SSL_fill_err_buf ("SSL_CTX_set_default_verify_paths"); + __SSL_fill_err_buf ("SSL_CTX_load_verify_locations"); return (err_buf); } -/* - if (cacert) +#else + if (!SSL_CTX_set_default_verify_paths (ctx)) { - if (!SSL_CTX_load_verify_locations (ctx, cacert, NULL)) - { - __SSL_fill_err_buf ("SSL_CTX_load_verify_locations"); - return (err_buf); - } + __SSL_fill_err_buf ("SSL_CTX_set_default_verify_paths"); + return (err_buf); } -*/ +#endif + SSL_CTX_set_verify (ctx, SSL_VERIFY_PEER, verify_callback); return (NULL); diff --git a/src/common/ssl.h b/src/common/ssl.h index e722f831..bea2f440 100644 --- a/src/common/ssl.h +++ b/src/common/ssl.h @@ -45,7 +45,7 @@ SSL_CTX *_SSL_context_init (void (*info_cb_func)); #define _SSL_context_free(a) SSL_CTX_free(a); SSL *_SSL_socket (SSL_CTX *ctx, int sd); -char *_SSL_set_verify (SSL_CTX *ctx, void *(verify_callback), char *cacert); +char *_SSL_set_verify (SSL_CTX *ctx, void *(verify_callback)); /* int SSL_connect(SSL *); int SSL_accept(SSL *); |