# HG changeset patch
# User dkg(a)fifthhorseman.net
# Date 1391753406 18000
# Fri Feb 07 01:10:06 2014 -0500
# Node ID 179fcc9a4fb8a4c6b207304db6e2c153388ce2b9
# Parent 3452ac3cefa062be1f3f9191e4ea13c9c6b38ef3
avoid loading CAs for any SSL_CTX that has no plans to verify them
Prior to this change, a set of trusted CAs (a "root store") was loaded
for incoming connections that had no plans to verify the client certs,
though the same root store was not loaded for outbound connections
that had no intent to verify certs.
With this change, the checks are treated symmetrically.
Note also that this change actually changes the meaning of
ssl_no_cert_verify for incoming (PERDITION_SSL_SERVER) connections:
Before this change, ssl_no_cert_verify would affect incoming
connections, despite being documented as a setting for outbound
connections.
With this change, ssl_no_cert_verify should not have any effect on
incoming connections.
diff -r 3452ac3cefa0 -r 179fcc9a4fb8 perdition/ssl.c
--- a/perdition/ssl.c Fri Feb 07 00:57:22 2014 -0500
+++ b/perdition/ssl.c Fri Feb 07 01:10:06 2014 -0500
@@ -583,8 +583,10 @@
}
if ((flag & PERDITION_SSL_CLIENT && opt.ssl_no_cert_verify) ||
- (flag & PERDITION_SSL_SERVER && opt.ssl_no_client_cert_verify))
+ (flag & PERDITION_SSL_SERVER && opt.ssl_no_client_cert_verify)) {
+ SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_NONE, NULL);
goto out;
+ }
/*
* Load the Certificate Authorities
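Review bot: The added `SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_NONE, NULL)` on the early-exit path installs no verify callback, so on the PERDITION_SSL_CLIENT side a server certificate that fails verification is accepted without leaving any trace in the log; as far as I know OpenSSL still runs the chain check in client mode under SSL_VERIFY_NONE and only stops enforcing the result, so a callback set here would still be invoked. If `__perdition_verify_callback` only reports failures rather than rejecting them, passing it instead of NULL, `SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_NONE, __perdition_verify_callback);`, would keep that visibility for operators; its body is outside this hunk, so this needs confirming. A short comment above the call would also help, since SSL_VERIFY_NONE is already the default for a fresh SSL_CTX and the explicit call otherwise reads as redundant: `/* Verification disabled by configuration: make the mode explicit and skip loading the root store. */`. The enclosing function begins before this hunk.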
@@ -607,11 +609,7 @@
}
SSL_CTX_set_verify_depth(ssl_ctx, opt.ssl_cert_verify_depth + 1);
- if (flag & PERDITION_SSL_SERVER &&
- (opt.ssl_no_cert_verify || opt.ssl_no_client_cert_verify))
- mode = SSL_VERIFY_NONE;
- else
- mode = SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;
+ mode = SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;
SSL_CTX_set_verify(ssl_ctx, mode, __perdition_verify_callback);
/* NB: We do not need to call SSL_CTX_check_private_key()
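Review bot: The now-unconditional `mode = SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;` means that on the PERDITION_SSL_SERVER path, even when client-certificate verification is configured, a client that presents no certificate at all still completes the handshake, because SSL_VERIFY_FAIL_IF_NO_PEER_CERT is not set; whether that is intended (optional client certs) or whether the caller checks SSL_get_peer_certificate() afterwards is not visible here, so a comment stating which it is would help, e.g. `/* Client certs are verified when presented but not required; callers must check the peer cert if they need one. */`. As a point of style, `mode` now only ever holds this one constant, so if it is not used elsewhere in the function (its declaration is outside the hunk) it could be folded into the call: `SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE, __perdition_verify_callback);`. The enclosing function begins before this hunk.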