[exim-cvs] Fail a DANE-mode verify on totally missing certif…

Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] Fail a DANE-mode verify on totally missing certificate
Gitweb: http://git.exim.org/exim.git/commitdiff/02af313dc5374b79f04fd9961b74835dcc0389e8
Commit:     02af313dc5374b79f04fd9961b74835dcc0389e8
Parent:     3750d68d17a77fe0d51906e49fc09e24c5864a29
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Thu Dec 4 19:17:47 2014 +0000
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Thu Dec 4 19:17:47 2014 +0000


    Fail a DANE-mode verify on totally missing certificate
---
 src/src/tls-openssl.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)


diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 9aa655e..c23ac03 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -1872,7 +1872,9 @@ if (expciphers != NULL)
 #ifdef EXPERIMENTAL_DANE
 if (tlsa_dnsa)
   {
-  SSL_CTX_set_verify(client_ctx, SSL_VERIFY_PEER, verify_callback_client_dane);
+  SSL_CTX_set_verify(client_ctx,
+    SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
+    verify_callback_client_dane);


   if (!DANESSL_library_init())
     return tls_error(US"library init", host, NULL);
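
Review bot: The added SSL_VERIFY_FAIL_IF_NO_PEER_CERT flag in the SSL_CTX_set_verify() call is applied to client_ctx, and OpenSSL's documentation for SSL_CTX_set_verify describes that flag as a server-mode option that is ignored in client mode, so it may not produce the failure the commit subject promises. On the client side a handshake without a server certificate occurs when an anonymous cipher suite is negotiated, and in that case SSL_VERIFY_PEER itself is documented as ignored and verify_callback_client_dane would not be invoked. Please confirm with a test that a DANE-mode connection to a peer presenting no certificate is actually rejected. If it is not, consider an explicit check after the handshake that a peer certificate exists whenever tlsa_dnsa is set, or keep anonymous suites out of the cipher list for DANE connections. A short comment above the call stating why the flag is there would also help, since the commit message has no body and the intent is not visible from the code.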