r18748@catbus: nickm | 2008-03-11 13:21:33 -0400
Backport: Request client certs when renegotiating on server-side. Spotted by lodger. Bugfix on 0.2.0.x. svn:r13974
This commit is contained in:
parent
e1829bf8cd
commit
cd4ae7193d
|
@ -14,6 +14,8 @@ Changes in version 0.2.0.22-rc - 2008-03-??
|
|||
events. Caught by mwenge; bugfix on 0.1.2.x.
|
||||
- Fix the SVK version detection logic to work correctly on a branch.
|
||||
Bugfix on 0.2.0.x.
|
||||
- Make sure servers always request certificates from clients during
|
||||
TLS renegotiation. Bugfix on 0.2.0.x.
|
||||
|
||||
|
||||
Changes in version 0.2.0.21-rc - 2008-03-02
|
||||
|
|
|
@ -930,7 +930,7 @@ tor_tls_handshake(tor_tls_t *tls)
|
|||
tls->state = TOR_TLS_ST_OPEN;
|
||||
if (tls->isServer) {
|
||||
SSL_set_info_callback(tls->ssl, NULL);
|
||||
SSL_set_verify(tls->ssl, SSL_VERIFY_NONE, always_accept_verify_cb);
|
||||
SSL_set_verify(tls->ssl, SSL_VERIFY_PEER, always_accept_verify_cb);
|
||||
/* There doesn't seem to be a clear OpenSSL API to clear mode flags. */
|
||||
tls->ssl->mode &= ~SSL_MODE_NO_AUTO_CHAIN;
|
||||
#ifdef V2_HANDSHAKE_SERVER
|
||||
|
|
Loading…
Reference in New Issue