# HG changeset patch
# User dkg(a)fifthhorseman.net
# Date 1391752642 18000
# Fri Feb 07 00:57:22 2014 -0500
# Node ID 3452ac3cefa062be1f3f9191e4ea13c9c6b38ef3
# Parent 947493f0845096d5e79041e07624a2c8de9fe091
avoid loading CAs for non-verifying incoming connections
Since incoming (PERDITION_SSL_SERVER) connections don't verify
certificates when ssl_no_client_cert_verify is set, we can skip the CA
loading.
diff -r 947493f08450 -r 3452ac3cefa0 perdition/ssl.c
--- a/perdition/ssl.c Fri Feb 07 00:49:38 2014 -0500
+++ b/perdition/ssl.c Fri Feb 07 00:57:22 2014 -0500
@@ -582,7 +582,8 @@
goto err;
}
- if (flag & PERDITION_SSL_CLIENT && opt.ssl_no_cert_verify)
+ if ((flag & PERDITION_SSL_CLIENT && opt.ssl_no_cert_verify) ||
+ (flag & PERDITION_SSL_SERVER && opt.ssl_no_client_cert_verify))
goto out;
/*
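Review bot: The new `PERDITION_SSL_SERVER` branch of the early `goto out` skips CA loading whenever `opt.ssl_no_client_cert_verify` is set, but on a server context the CA store is not used only for verifying peers: OpenSSL can also draw on it to complete the server's own certificate chain when no explicit chain has been configured. If any deployment relied on the configured CA file or path to supply intermediate certificates, clients could start receiving an incomplete chain after this change; the hunk does not show whether that is the case, so it should be confirmed or documented next to the option. The hunk also does not show where the verify mode is set, so check that the skipped path leaves the context explicitly at no-verification instead of relying on a default. A short comment above the condition would record the reasoning, e.g. `/* Peer certificates are not verified on this side, so the CA store is not loaded */`, and writing the bit tests as `(flag & PERDITION_SSL_SERVER) && ...` would make the precedence explicit. The enclosing function starts and ends outside the hunk.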