This is an automated email from the ASF dual-hosted git repository.
shinrich pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new 6d27764 Avoid cert callback if no verification is requested.
6d27764 is described below
commit 6d27764b64ae30275ab7ad750dd0a54ff8050df7
Author: Susan Hinrichs <[email protected]>
AuthorDate: Tue Jul 3 10:04:02 2018 -0500
Avoid cert callback if no verification is requested.
---
iocore/net/SSLNetVConnection.cc | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc
index d4317b9..6cb133d 100644
--- a/iocore/net/SSLNetVConnection.cc
+++ b/iocore/net/SSLNetVConnection.cc
@@ -1016,7 +1016,15 @@ SSLNetVConnection::sslStartHandShake(int event, int &err)
SSLErrorVC(this, "failed to create SSL client session");
return EVENT_ERROR;
}
- SSL_set_verify(this->ssl, clientVerify ? SSL_VERIFY_PEER :
SSL_VERIFY_NONE, verify_callback);
+ int verify_op;
+ if (clientVerify) {
+ verify_op = SSL_VERIFY_PEER;
+ SSL_set_verify(this->ssl, verify_op, verify_callback);
+ } else {
+ // Don't bother to set the verify callback if no verification is
required
+ verify_op = SSL_VERIFY_NONE;
+ SSL_set_verify(this->ssl, verify_op, nullptr);
+ }
if (this->options.sni_servername) {
if (SSL_set_tlsext_host_name(this->ssl, this->options.sni_servername))
{
