authorNick Mathewson <nickm@torproject.org>2008-03-11 17:21:47 +0000
committerNick Mathewson <nickm@torproject.org>2008-03-11 17:21:47 +0000
commitcd4ae7193d086427b5e506862f070af24ee46e5e (patch)
tree3b8f3b4483a6fbcb54cff2b4edbf819c5dc70872
parente1829bf8cd51e0b11c4333dbdffed896ce281c95 (diff)
r18748@catbus: nickm | 2008-03-11 13:21:33 -0400
Backport: Request client certs when renegotiating on server-side. Spotted by lodger. Bugfix on 0.2.0.x. svn:r13974
-rw-r--r--ChangeLog2
-rw-r--r--src/common/tortls.c2
2 files changed, 3 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index fb0d701cdb..81a2bca272 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -14,6 +14,8 @@ Changes in version 0.2.0.22-rc - 2008-03-??
events. Caught by mwenge; bugfix on 0.1.2.x.
- Fix the SVK version detection logic to work correctly on a branch.
Bugfix on 0.2.0.x.
+ - Make sure servers always request certificates from clients during
+ TLS renegotiation. Bugfix on 0.2.0.x.
Changes in version 0.2.0.21-rc - 2008-03-02
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 24e0a4071a..255237e1eb 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -930,7 +930,7 @@ tor_tls_handshake(tor_tls_t *tls)
tls->state = TOR_TLS_ST_OPEN;
if (tls->isServer) {
SSL_set_info_callback(tls->ssl, NULL);
- SSL_set_verify(tls->ssl, SSL_VERIFY_NONE, always_accept_verify_cb);
+ SSL_set_verify(tls->ssl, SSL_VERIFY_PEER, always_accept_verify_cb);
/* There doesn't seem to be a clear OpenSSL API to clear mode flags. */
tls->ssl->mode &= ~SSL_MODE_NO_AUTO_CHAIN;
#ifdef V2_HANDSHAKE_SERVER
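Review bot: The switch to `SSL_VERIFY_PEER` on the server branch needs a comment, because on its own it only makes the server request a client certificate during renegotiation. Nothing in this hunk rejects a client that sends no certificate (`SSL_VERIFY_FAIL_IF_NO_PEER_CERT` is not set) or an invalid chain, assuming `always_accept_verify_cb` accepts every certificate as its name suggests. I would add above the call something like `/* Request a client cert on renegotiation; the callback accepts anything, so the cert must be checked after the handshake. */`. It is also worth confirming that the post-renegotiation path checks the peer certificate before the connection is treated as authenticated. The body of tor_tls_handshake starts and ends outside this hunk, so that check may already exist out of view.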