You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by zw...@apache.org on 2012/05/20 17:33:50 UTC
git commit: Added some code that should (but does not,
yet ...) disable cert verification.
Updated Branches:
refs/heads/master e197d2f58 -> a855e3306
Added some code that should (but does not, yet ...) disable cert verification.
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/a855e330
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/a855e330
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/a855e330
Branch: refs/heads/master
Commit: a855e3306528a889096968bd12e94948aaaff029
Parents: e197d2f
Author: Leif Hedstrom <zw...@apache.org>
Authored: Sun May 20 09:33:23 2012 -0600
Committer: Leif Hedstrom <zw...@apache.org>
Committed: Sun May 20 09:33:23 2012 -0600
----------------------------------------------------------------------
tools/http_load/http_load.c | 9 +++++++++
1 files changed, 9 insertions(+), 0 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/a855e330/tools/http_load/http_load.c
----------------------------------------------------------------------
diff --git a/tools/http_load/http_load.c b/tools/http_load/http_load.c
index 063a1fa..9f61ef5 100644
--- a/tools/http_load/http_load.c
+++ b/tools/http_load/http_load.c
@@ -1168,6 +1168,11 @@ start_socket(int url_num, int cnum, struct timeval *nowP)
}
}
+static int
+cert_verify_callback(int ok, X509_STORE_CTX *ctx)
+{
+ return 1;
+}
static void
handle_connect(int cnum, struct timeval *nowP, int double_check)
@@ -1220,6 +1225,9 @@ handle_connect(int cnum, struct timeval *nowP, int double_check)
SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
ssl_ctx = SSL_CTX_new(SSLv23_client_method());
+ /* For some reason this does not seem to work, but indications are that it should...
+ Maybe something with how we create connections? TODO: Fix it... */
+ SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_NONE, cert_verify_callback);
if (cipher != (char *) 0) {
if (!SSL_CTX_set_cipher_list(ssl_ctx, cipher)) {
(void) fprintf(stderr, "%s: cannot set cipher list\n", argv0);
@@ -1229,6 +1237,7 @@ handle_connect(int cnum, struct timeval *nowP, int double_check)
}
}
}
+
if (!RAND_status()) {
unsigned char bytes[1024];
int i;