paziz pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new 7fb12c0 set verify locations in the initializer function only
7fb12c0 is described below
commit 7fb12c035957bd0c58bc30a3f99a50f67ac55a9d
Author: Syeda Persia Aziz <[email protected]>
AuthorDate: Thu Jun 14 13:39:26 2018 -0500
set verify locations in the initializer function only
---
iocore/net/SSLClientUtils.cc | 18 ++++++++----------
iocore/net/SSLNetVConnection.cc | 7 -------
2 files changed, 8 insertions(+), 17 deletions(-)
diff --git a/iocore/net/SSLClientUtils.cc b/iocore/net/SSLClientUtils.cc
index 367f634..139ba06 100644
--- a/iocore/net/SSLClientUtils.cc
+++ b/iocore/net/SSLClientUtils.cc
@@ -164,19 +164,17 @@ SSLInitClientContext(const SSLConfigParams *params)
if (params->clientVerify) {
SSL_CTX_set_verify(client_ctx, SSL_VERIFY_PEER, verify_callback);
SSL_CTX_set_verify_depth(client_ctx, params->client_verify_depth);
+ }
- if (params->clientCACertFilename != nullptr || params->clientCACertPath !=
nullptr) {
- if (!SSL_CTX_load_verify_locations(client_ctx,
params->clientCACertFilename, params->clientCACertPath)) {
- SSLError("invalid client CA Certificate file (%s) or CA Certificate
path (%s)", params->clientCACertFilename,
- params->clientCACertPath);
- goto fail;
- }
- }
-
- if (!SSL_CTX_set_default_verify_paths(client_ctx)) {
- SSLError("failed to set the default verify paths");
+ if (params->clientCACertFilename != nullptr || params->clientCACertPath !=
nullptr) {
+ if (!SSL_CTX_load_verify_locations(client_ctx,
params->clientCACertFilename, params->clientCACertPath)) {
+ SSLError("invalid client CA Certificate file (%s) or CA Certificate path
(%s)", params->clientCACertFilename,
+ params->clientCACertPath);
goto fail;
}
+ } else if (!SSL_CTX_set_default_verify_paths(client_ctx)) {
+ SSLError("failed to set the default verify paths");
+ goto fail;
}
if (SSLConfigParams::init_ssl_ctx_cb) {
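Review bot: The new `else if (!SSL_CTX_set_default_verify_paths(client_ctx))` branch makes the configured CA file/path and the system default trust store mutually exclusive, whereas the removed code loaded the defaults in addition to the configured locations whenever `clientVerify` was set. That narrows the set of trusted roots for any deployment that configures a CA, and nothing in the code or commit message says so; a comment such as `// A configured CA file/path replaces the system default trust store; defaults are loaded only when neither is set.` would make the policy explicit. The load also now sits outside the `clientVerify` block, so a bad CA path fails context initialization even when peer verification is off, which deserves a mention in the same comment. Separately, because the guard is `||`, one of the two `%s` arguments to `SSLError` can be `nullptr`; if `SSLError` is printf-style that is undefined behaviour, and passing `params->clientCACertFilename ? params->clientCACertFilename : "(none)"` (and the same for the path) avoids it. The body of `SSLInitClientContext` starts and ends outside this hunk.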
diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc
index 6638f00..02440a8 100644
--- a/iocore/net/SSLNetVConnection.cc
+++ b/iocore/net/SSLNetVConnection.cc
@@ -1013,13 +1013,6 @@ SSLNetVConnection::sslStartHandShake(int event, int &err)
SSLErrorVC(this, "failed to create SSL client session");
return EVENT_ERROR;
}
- if (clientVerify && params->clientCACertFilename != nullptr &&
params->clientCACertPath != nullptr) {
- if (!SSL_CTX_load_verify_locations(clientCTX,
params->clientCACertFilename, params->clientCACertPath)) {
- SSLError("invalid client CA Certificate file (%s) or CA Certificate
path (%s)", params->clientCACertFilename,
- params->clientCACertPath);
- return EVENT_ERROR;
- }
- }
this->ssl = make_ssl_connection(clientCTX, this);
if (this->ssl == nullptr) {