r18748@catbus: nickm | 2008-03-11 13:21:33 -0400
Backport: Request client certs when renegotiating on server-side. Spotted by lodger. Bugfix on 0.2.0.x. svn:r13974
This commit is contained in:
parent
e1829bf8cd
commit
cd4ae7193d
|
@ -14,6 +14,8 @@ Changes in version 0.2.0.22-rc - 2008-03-??
|
||||||
events. Caught by mwenge; bugfix on 0.1.2.x.
|
events. Caught by mwenge; bugfix on 0.1.2.x.
|
||||||
- Fix the SVK version detection logic to work correctly on a branch.
|
- Fix the SVK version detection logic to work correctly on a branch.
|
||||||
Bugfix on 0.2.0.x.
|
Bugfix on 0.2.0.x.
|
||||||
|
- Make sure servers always request certificates from clients during
|
||||||
|
TLS renegotiation. Bugfix on 0.2.0.x.
|
||||||
|
|
||||||
|
|
||||||
Changes in version 0.2.0.21-rc - 2008-03-02
|
Changes in version 0.2.0.21-rc - 2008-03-02
|
||||||
|
|
|
@ -930,7 +930,7 @@ tor_tls_handshake(tor_tls_t *tls)
|
||||||
tls->state = TOR_TLS_ST_OPEN;
|
tls->state = TOR_TLS_ST_OPEN;
|
||||||
if (tls->isServer) {
|
if (tls->isServer) {
|
||||||
SSL_set_info_callback(tls->ssl, NULL);
|
SSL_set_info_callback(tls->ssl, NULL);
|
||||||
SSL_set_verify(tls->ssl, SSL_VERIFY_NONE, always_accept_verify_cb);
|
SSL_set_verify(tls->ssl, SSL_VERIFY_PEER, always_accept_verify_cb);
|
||||||
/* There doesn't seem to be a clear OpenSSL API to clear mode flags. */
|
/* There doesn't seem to be a clear OpenSSL API to clear mode flags. */
|
||||||
tls->ssl->mode &= ~SSL_MODE_NO_AUTO_CHAIN;
|
tls->ssl->mode &= ~SSL_MODE_NO_AUTO_CHAIN;
|
||||||
#ifdef V2_HANDSHAKE_SERVER
|
#ifdef V2_HANDSHAKE_SERVER
|
||||||
|
|
Loading…
Reference in New Issue