diff lib/sslcommon.c @ 431:593dddb1e59c

2004-3-17 Brian Masney <masneyb@gftp.org> * lib/sslcommon.c - fix so that the option verify_ssl_peer can be toggled while gftp is running and on a per connection basis
author masneyb
date Wed, 17 Mar 2004 18:01:48 +0000
parents d66801310c09
children 075f89b4395c
--- a/lib/sslcommon.c	Wed Mar 17 13:44:43 2004 +0000
+++ b/lib/sslcommon.c	Wed Mar 17 18:01:48 2004 +0000
@@ -84,11 +84,16 @@
 gftp_ssl_verify_callback (int ok, X509_STORE_CTX *store)
 {
   char issuer[256], subject[256];
+  intptr_t verify_ssl_peer;
   gftp_request * request;
   SSL * ssl;
 
   ssl = X509_STORE_CTX_get_ex_data (store, SSL_get_ex_data_X509_STORE_CTX_idx ());
   request = SSL_get_ex_data (ssl, gftp_ssl_get_index ());
+  gftp_lookup_request_option (request, "verify_ssl_peer", &verify_ssl_peer);
+
+  if (!verify_ssl_peer)
+    ok = 1;
 
   if (!ok)
     {
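Review bot: `verify_ssl_peer` is read right after `gftp_lookup_request_option` without an initial value, and neither `ssl` nor `request` is checked for NULL before the lookup, so whether the certificate check is bypassed depends on that lookup always writing its out-parameter. Because this commit also makes `SSL_CTX_set_verify (ctx, SSL_VERIFY_PEER, gftp_ssl_verify_callback)` unconditional, this callback is now the only place the option is honoured and it should fail closed: declare `intptr_t verify_ssl_peer = 1;` and skip the lookup when `request` is NULL. Forcing `ok = 1` ahead of the `if (!ok)` branch presumably also suppresses whatever diagnostic that branch emits, so a chain that failed verification is accepted without a trace when the option is off; consider reporting the failure first and overriding the return value afterwards. The body of gftp_ssl_verify_callback continues outside the hunk.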
@@ -273,7 +278,7 @@
 int
 gftp_ssl_startup (gftp_request * request)
 {
-  intptr_t entropy_len, verify_ssl_peer;
+  intptr_t entropy_len;
   char *entropy_source;
 
   if (gftp_ssl_initialized)
@@ -293,7 +298,6 @@
 
   SSL_load_error_strings (); 
 
-  gftp_lookup_request_option (request, "verify_ssl_peer", &verify_ssl_peer);
   gftp_lookup_request_option (request, "entropy_source", &entropy_source);
   gftp_lookup_request_option (request, "entropy_len", &entropy_len);
   RAND_load_file (entropy_source, entropy_len);
@@ -307,11 +311,8 @@
       return (GFTP_EFATAL);
     }
 
-  if (verify_ssl_peer)
-    {
-      SSL_CTX_set_verify (ctx, SSL_VERIFY_PEER, gftp_ssl_verify_callback);
-      SSL_CTX_set_verify_depth (ctx, 9);
-    }
+  SSL_CTX_set_verify (ctx, SSL_VERIFY_PEER, gftp_ssl_verify_callback);
+  SSL_CTX_set_verify_depth (ctx, 9);
 
   SSL_CTX_set_options (ctx, SSL_OP_ALL|SSL_OP_NO_SSLv2);