r18748@catbus: nickm | 2008-03-11 13:21:33 -0400

Backport: Request client certs when renegotiating on server-side. Spotted by lodger. Bugfix on 0.2.0.x. svn:r13974
2008-03-11 17:21:47 +00:00 · 2008-03-11 17:21:47 +00:00 · cd4ae7193d
parent e1829bf8cd
commit cd4ae7193d
2 changed files with 3 additions and 1 deletions
--- a/2
+++ b/2
@ -14,6 +14,8 @@ Changes in version 0.2.0.22-rc - 2008-03-??
      events.  Caught by mwenge; bugfix on 0.1.2.x.
    - Fix the SVK version detection logic to work correctly on a branch.
      Bugfix on 0.2.0.x.
+    - Make sure servers always request certificates from clients during
+      TLS renegotiation. Bugfix on 0.2.0.x.


 Changes in version 0.2.0.21-rc - 2008-03-02
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@ -930,7 +930,7 @@ tor_tls_handshake(tor_tls_t *tls)
    tls->state = TOR_TLS_ST_OPEN;
    if (tls->isServer) {
      SSL_set_info_callback(tls->ssl, NULL);
-      SSL_set_verify(tls->ssl, SSL_VERIFY_NONE, always_accept_verify_cb);
+      SSL_set_verify(tls->ssl, SSL_VERIFY_PEER, always_accept_verify_cb);
      /* There doesn't seem to be a clear OpenSSL API to clear mode flags. */
      tls->ssl->mode &= ~SSL_MODE_NO_AUTO_CHAIN;
 #ifdef V2_HANDSHAKE_SERVER