Posted to commits@trafficserver.apache.org by zw...@apache.org on 2018/08/13 18:39:51 UTC

[trafficserver] branch 8.0.x updated: Avoid cert callback if no verification is requested.

This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 8.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/8.0.x by this push:
     new 9595a1b  Avoid cert callback if no verification is requested.
9595a1b is described below

commit 9595a1b3d0afc45bc383f155dad698aba9b5f493
Author: Susan Hinrichs <sh...@apache.org>
AuthorDate: Tue Jul 3 10:04:02 2018 -0500

    Avoid cert callback if no verification is requested.
    
    (cherry picked from commit 6d27764b64ae30275ab7ad750dd0a54ff8050df7)
---
 iocore/net/SSLNetVConnection.cc | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc
index d4317b9..6cb133d 100644
--- a/iocore/net/SSLNetVConnection.cc
+++ b/iocore/net/SSLNetVConnection.cc
@@ -1016,7 +1016,15 @@ SSLNetVConnection::sslStartHandShake(int event, int &err)
         SSLErrorVC(this, "failed to create SSL client session");
         return EVENT_ERROR;
       }
-      SSL_set_verify(this->ssl, clientVerify ? SSL_VERIFY_PEER : SSL_VERIFY_NONE, verify_callback);
+      int verify_op;
+      if (clientVerify) {
+        verify_op = SSL_VERIFY_PEER;
+        SSL_set_verify(this->ssl, verify_op, verify_callback);
+      } else {
+        // Don't bother to set the verify callback if no verification is required
+        verify_op = SSL_VERIFY_NONE;
+        SSL_set_verify(this->ssl, verify_op, nullptr);
+      }
 
       if (this->options.sni_servername) {
         if (SSL_set_tlsext_host_name(this->ssl, this->options.sni_servername)) {
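Review bot: In the `else` branch, passing `nullptr` to `SSL_set_verify` does not clear a callback, because OpenSSL only replaces the per-connection callback when the argument is non-NULL; a callback inherited from the `SSL_CTX` (if the client context installs one, which this hunk does not show) would still run. If the intent is that no callback ever runs when `clientVerify` is false, the context setup needs checking, and the comment would be more precise as `// SSL_VERIFY_NONE: the peer certificate is not authenticated; nullptr leaves any SSL_CTX-level callback in place`. The `verify_op` local adds nothing in either branch, so the calls can take the constants directly, e.g. `SSL_set_verify(this->ssl, SSL_VERIFY_NONE, nullptr);`. `sslStartHandShake` starts and ends outside this hunk.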