author | Jeremy Harris <jgh146exb@wizmail.org> | 2014-12-04 19:17:47 +0000 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2014-12-04 19:17:47 +0000 |
commit | 02af313dc5374b79f04fd9961b74835dcc0389e8 (patch) | |
tree | 3a96c6a20e89a9e81164a4f59d3bfb45c130fb6f /src | |
parent | 3750d68d17a77fe0d51906e49fc09e24c5864a29 (diff) |
Fail a DANE-mode verify on totally missing certificate
Diffstat (limited to 'src')
-rw-r--r-- | src/src/tls-openssl.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 9aa655e82..c23ac031f 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -1872,7 +1872,9 @@ if (expciphers != NULL)
 #ifdef EXPERIMENTAL_DANE
 if (tlsa_dnsa)
 {
- SSL_CTX_set_verify(client_ctx, SSL_VERIFY_PEER, verify_callback_client_dane);
+ SSL_CTX_set_verify(client_ctx,
+ SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
+ verify_callback_client_dane);
 if (!DANESSL_library_init())
 return tls_error(US"library init", host, NULL);
|
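Review bot: The `SSL_VERIFY_FAIL_IF_NO_PEER_CERT` bit added to the `SSL_CTX_set_verify()` call on `client_ctx` is documented by OpenSSL as ignored in client mode, so by itself it may not produce the failure the commit title describes. On the client side OpenSSL also skips `SSL_VERIFY_PEER` when the server sends no certificate because an anonymous cipher suite was negotiated, which is the case where a certificate is totally missing. If the DANE path must reject that case, an explicit post-handshake test that `SSL_get_peer_certificate()` on the connection returns non-NULL, or a cipher list that excludes `aNULL` for DANE connections, would enforce it regardless of negotiation. The enclosing function starts and ends outside this hunk, so whether such a check already exists later, or inside the DANE library, cannot be seen here. At minimum a comment on the call such as `/* flag is a no-op for clients per OpenSSL docs; missing-cert case is enforced by <check> */` would record where the guarantee actually comes from.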