You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by sh...@apache.org on 2018/07/09 21:06:32 UTC
[trafficserver] branch master updated: Avoid cert callback if no
verification is requested.
This is an automated email from the ASF dual-hosted git repository.
shinrich pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new 6d27764 Avoid cert callback if no verification is requested.
6d27764 is described below
commit 6d27764b64ae30275ab7ad750dd0a54ff8050df7
Author: Susan Hinrichs <sh...@apache.org>
AuthorDate: Tue Jul 3 10:04:02 2018 -0500
Avoid cert callback if no verification is requested.
---
iocore/net/SSLNetVConnection.cc | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc
index d4317b9..6cb133d 100644
--- a/iocore/net/SSLNetVConnection.cc
+++ b/iocore/net/SSLNetVConnection.cc
@@ -1016,7 +1016,15 @@ SSLNetVConnection::sslStartHandShake(int event, int &err)
SSLErrorVC(this, "failed to create SSL client session");
return EVENT_ERROR;
}
- SSL_set_verify(this->ssl, clientVerify ? SSL_VERIFY_PEER : SSL_VERIFY_NONE, verify_callback);
+ int verify_op;
+ if (clientVerify) {
+ verify_op = SSL_VERIFY_PEER;
+ SSL_set_verify(this->ssl, verify_op, verify_callback);
+ } else {
+ // Don't bother to set the verify callback if no verification is required
+ verify_op = SSL_VERIFY_NONE;
+ SSL_set_verify(this->ssl, verify_op, nullptr);
+ }
if (this->options.sni_servername) {
if (SSL_set_tlsext_host_name(this->ssl, this->options.sni_servername)) {