Gitweb:
http://git.exim.org/exim.git/commitdiff/02af313dc5374b79f04fd9961b74835dcc0389e8
Commit: 02af313dc5374b79f04fd9961b74835dcc0389e8
Parent: 3750d68d17a77fe0d51906e49fc09e24c5864a29
Author: Jeremy Harris <jgh146exb@???>
AuthorDate: Thu Dec 4 19:17:47 2014 +0000
Committer: Jeremy Harris <jgh146exb@???>
CommitDate: Thu Dec 4 19:17:47 2014 +0000
Fail a DANE-mode verify on totally missing certificate
---
src/src/tls-openssl.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 9aa655e..c23ac03 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -1872,7 +1872,9 @@ if (expciphers != NULL)
#ifdef EXPERIMENTAL_DANE
if (tlsa_dnsa)
{
- SSL_CTX_set_verify(client_ctx, SSL_VERIFY_PEER, verify_callback_client_dane);
+ SSL_CTX_set_verify(client_ctx,
+ SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
+ verify_callback_client_dane);
if (!DANESSL_library_init())
return tls_error(US"library init", host, NULL);
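Review bot: The `SSL_VERIFY_FAIL_IF_NO_PEER_CERT` flag added to the `SSL_CTX_set_verify()` call on `client_ctx` is described in the OpenSSL documentation for that function as server-mode only and ignored in client mode, so by itself it may not fail the handshake when the peer presents no certificate. The same documentation says `SSL_VERIFY_PEER` is ignored on a client when an anonymous cipher is used and no server certificate is sent, in which case `verify_callback_client_dane` would presumably never run. I would add an explicit check once the handshake has completed, along the lines of `if (tlsa_dnsa && !SSL_get_peer_certificate(ssl)) return tls_error(US"no peer certificate", host, NULL);`. Here `ssl` stands for the connection handle and the message text is a constructed example; the returned `X509 *` must be released with `X509_free()` on the success path. The `if (tlsa_dnsa)` block continues past the end of this hunk, so whether anonymous ciphersuites are already excluded for DANE connections cannot be seen from here; if not, a comment at this call stating that assumption would help.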