Diffstat (limited to 'src/modules/extra/m_ssl_openssl.cpp')
-rw-r--r-- | src/modules/extra/m_ssl_openssl.cpp | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index 4ad556438..4df0d8962 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -132,7 +132,7 @@ namespace OpenSSL
 mode |= SSL_MODE_RELEASE_BUFFERS;
 #endif
 SSL_CTX_set_mode(ctx, mode);
- SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, OnVerify);
+ SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
 SSL_CTX_set_info_callback(ctx, StaticSSLInfoCallback);
 }
@@ -206,6 +206,11 @@ namespace OpenSSL
 return SSL_CTX_clear_options(ctx, clearoptions);
 }
+ void SetVerifyCert()
+ {
+ SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, OnVerify);
+ }
+
 SSL* CreateServerSession()
 {
 SSL* sess = SSL_new(ctx);
@@ -345,6 +350,10 @@ namespace OpenSSL
 ERR_print_errors_cb(error_callback, this);
 ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "Can't read CA list from %s. This is only a problem if you want to verify client certificates, otherwise it's safe to ignore this message. Error: %s", filename.c_str(), lasterr.c_str());
 }
+
+ clictx.SetVerifyCert();
+ if (tag->getBool("requestclientcert", true))
+ ctx.SetVerifyCert();
 }
 const std::string& GetName() const { return name; } |
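Review bot: The changed `SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);` line makes every context start with peer verification off, so a context is only configured as before once some caller remembers to invoke `SetVerifyCert()`. That fail-open default should be stated where it is set, for example `// Verification is off by default; the profile loader turns it on via SetVerifyCert() (always for the client context, per <requestclientcert> for the server context).` Without that, a later second construction site could end up with an outgoing context that never asks for the peer certificate. The constructor begins and ends outside the hunk, so other construction sites are not visible here.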
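Review bot: `SetVerifyCert()` is added without a comment, and its name promises more than the flags deliver on a server context. `SSL_VERIFY_PEER` without `SSL_VERIFY_FAIL_IF_NO_PEER_CERT` only requests a client certificate, and whether an invalid chain aborts the handshake is decided by `OnVerify`, which is not shown in this hunk. I would add a docstring such as `/** Request the peer's certificate and pass chain verification to OnVerify; on a server context the certificate remains optional. */`. The call is also one-way, since nothing restores `SSL_VERIFY_NONE`; that is fine if contexts are rebuilt whenever the configuration is reloaded, but the comment should say so.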
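Review bot: When `requestclientcert` is false the server context stays at `SSL_VERIFY_NONE`, so no client certificate is requested and anything that identifies users by certificate fingerprint will presumably see none, with nothing in the log to explain it. An `else` branch with one log line would make that visible to the operator: `else ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "Not requesting client certificates for this profile; certificate-based authentication will be unavailable");`. The new key also needs an entry in the module's configuration documentation; the diffstat shown is limited to this file, so I cannot tell whether that was done. The enclosing function starts outside the hunk.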