diff options
author | Nick Mathewson <nickm@torproject.org> | 2008-03-11 17:21:47 +0000 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2008-03-11 17:21:47 +0000 |
commit | cd4ae7193d086427b5e506862f070af24ee46e5e (patch) | |
tree | 3b8f3b4483a6fbcb54cff2b4edbf819c5dc70872 | |
parent | e1829bf8cd51e0b11c4333dbdffed896ce281c95 (diff) | |
download | tor-cd4ae7193d086427b5e506862f070af24ee46e5e.tar.gz tor-cd4ae7193d086427b5e506862f070af24ee46e5e.zip |
r18748@catbus: nickm | 2008-03-11 13:21:33 -0400
Backport: Request client certs when renegotiating on server-side. Spotted by lodger. Bugfix on 0.2.0.x.
svn:r13974
-rw-r--r-- | ChangeLog | 2 | ||||
-rw-r--r-- | src/common/tortls.c | 2 |
2 files changed, 3 insertions, 1 deletions
@@ -14,6 +14,8 @@ Changes in version 0.2.0.22-rc - 2008-03-?? events. Caught by mwenge; bugfix on 0.1.2.x. - Fix the SVK version detection logic to work correctly on a branch. Bugfix on 0.2.0.x. + - Make sure servers always request certificates from clients during + TLS renegotiation. Bugfix on 0.2.0.x. Changes in version 0.2.0.21-rc - 2008-03-02 diff --git a/src/common/tortls.c b/src/common/tortls.c index 24e0a4071a..255237e1eb 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -930,7 +930,7 @@ tor_tls_handshake(tor_tls_t *tls) tls->state = TOR_TLS_ST_OPEN; if (tls->isServer) { SSL_set_info_callback(tls->ssl, NULL); - SSL_set_verify(tls->ssl, SSL_VERIFY_NONE, always_accept_verify_cb); + SSL_set_verify(tls->ssl, SSL_VERIFY_PEER, always_accept_verify_cb); /* There doesn't seem to be a clear OpenSSL API to clear mode flags. */ tls->ssl->mode &= ~SSL_MODE_NO_AUTO_CHAIN; #ifdef V2_HANDSHAKE_SERVER |