You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@trafficserver.apache.org by zw...@apache.org on 2012/05/20 17:33:50 UTC

git commit: Added some code that should (but does not, yet ...) disable cert verification.

Updated Branches:
  refs/heads/master e197d2f58 -> a855e3306


Added some code that should (but does not, yet ...) disable cert verification.


Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/a855e330
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/a855e330
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/a855e330

Branch: refs/heads/master
Commit: a855e3306528a889096968bd12e94948aaaff029
Parents: e197d2f
Author: Leif Hedstrom <zw...@apache.org>
Authored: Sun May 20 09:33:23 2012 -0600
Committer: Leif Hedstrom <zw...@apache.org>
Committed: Sun May 20 09:33:23 2012 -0600

----------------------------------------------------------------------
 tools/http_load/http_load.c |    9 +++++++++
 1 files changed, 9 insertions(+), 0 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/trafficserver/blob/a855e330/tools/http_load/http_load.c
----------------------------------------------------------------------
diff --git a/tools/http_load/http_load.c b/tools/http_load/http_load.c
index 063a1fa..9f61ef5 100644
--- a/tools/http_load/http_load.c
+++ b/tools/http_load/http_load.c
@@ -1168,6 +1168,11 @@ start_socket(int url_num, int cnum, struct timeval *nowP)
   }
 }
 
+static int
+cert_verify_callback(int ok, X509_STORE_CTX *ctx)
+{
+  return 1;
+}
 
 static void
 handle_connect(int cnum, struct timeval *nowP, int double_check)
@@ -1220,6 +1225,9 @@ handle_connect(int cnum, struct timeval *nowP, int double_check)
       SSL_load_error_strings();
       SSLeay_add_ssl_algorithms();
       ssl_ctx = SSL_CTX_new(SSLv23_client_method());
+      /* For some reason this does not seem to work, but indications are that it should...
+         Maybe something with how we create connections? TODO: Fix it... */
+      SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_NONE, cert_verify_callback);
       if (cipher != (char *) 0) {
         if (!SSL_CTX_set_cipher_list(ssl_ctx, cipher)) {
           (void) fprintf(stderr, "%s: cannot set cipher list\n", argv0);
@@ -1229,6 +1237,7 @@ handle_connect(int cnum, struct timeval *nowP, int double_check)
         }
       }
     }
+
     if (!RAND_status()) {
       unsigned char bytes[1024];
       int i;