diff options
| author | Nick Mathewson <nickm@torproject.org> | 2008-03-11 17:21:44 +0000 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2008-03-11 17:21:44 +0000 |
| commit | 24f91d2876a6f94149ef8c13d56be9f12d2daf14 (patch) | |
| tree | 5ff517dfa4433e2721447159a3037a066474f0d7 | |
| parent | 2cb7f63c9cc98b8344a782aaa9cf130d031fbb93 (diff) | |
| download | tor-24f91d2876a6f94149ef8c13d56be9f12d2daf14.tar.gz tor-24f91d2876a6f94149ef8c13d56be9f12d2daf14.zip | |
r18747@catbus: nickm | 2008-03-11 13:21:25 -0400
Request client certs when renegotiating on server-side. Spotted by lodger. Bugfix on 0.2.0.x.
svn:r13973
| -rw-r--r-- | ChangeLog | 2 | ||||
| -rw-r--r-- | src/common/tortls.c | 2 |
2 files changed, 3 insertions, 1 deletions
@@ -11,6 +11,8 @@ Changes in version 0.2.1.1-alpha - 2008-??-?? events. Caught by mwenge; bugfix on 0.1.2.x. - Fix the SVK version detection logic to work correctly on a branch. Bugfix on 0.2.0.x. + - Make sure servers always request certificates from clients during + TLS renegotiation. Bugfix on 0.2.0.x. o Minor features: - Allow separate log levels to be configured for different logging diff --git a/src/common/tortls.c b/src/common/tortls.c index a73b0fb40a..6773639e21 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -930,7 +930,7 @@ tor_tls_handshake(tor_tls_t *tls) tls->state = TOR_TLS_ST_OPEN; if (tls->isServer) { SSL_set_info_callback(tls->ssl, NULL); - SSL_set_verify(tls->ssl, SSL_VERIFY_NONE, always_accept_verify_cb); + SSL_set_verify(tls->ssl, SSL_VERIFY_PEER, always_accept_verify_cb); /* There doesn't seem to be a clear OpenSSL API to clear mode flags. */ tls->ssl->mode &= ~SSL_MODE_NO_AUTO_CHAIN; #ifdef V2_HANDSHAKE_SERVER |