# HG changeset patch
# User masneyb
# Date 1078195037 0
# Node ID d66801310c09d2685f682ad9bafe5c786c72d66a
# Parent 1ffdbc487a7070057048897adee950127bccd943
2004-3-1 Brian Masney * lib/sslcommon.c - added verify_ssl_peer option
diff -r 1ffdbc487a70 -r d66801310c09 ChangeLog
--- a/ChangeLog Tue Mar 02 02:29:10 2004 +0000
+++ b/ChangeLog Tue Mar 02 02:37:17 2004 +0000
@@ -1,4 +1,6 @@
 2004-3-1 Brian Masney
+ * lib/sslcommon.c - added verify_ssl_peer option
+
 * lib/ftps.c - set the protocol number to GFTP_FTPS_NUM
 * lib/https.c - set the protocol number to GFTP_HTTPS_NUM
@@ -2234,7 +2236,7 @@
 * cvsclean - added this script
- * *.[ch] - added $Id: ChangeLog,v 1.228 2004/03/02 02:29:09 masneyb Exp $ tags
+ * *.[ch] - added $Id: ChangeLog,v 1.229 2004/03/02 02:37:16 masneyb Exp $ tags
 * debian/* - updated files from Debian maintainer
diff -r 1ffdbc487a70 -r d66801310c09 lib/sslcommon.c
--- a/lib/sslcommon.c Tue Mar 02 02:29:10 2004 +0000
+++ b/lib/sslcommon.c Tue Mar 02 02:37:17 2004 +0000
@@ -38,6 +38,9 @@
 gftp_option_type_int, GINT_TO_POINTER(1024), NULL, 0,
 N_("The maximum number of bytes to seed the SSL engine with"),
 GFTP_PORT_ALL, 0},
+ {"verify_ssl_peer", N_("Verify SSL Peer"),
+ gftp_option_type_checkbox, GINT_TO_POINTER(1), NULL, 0,
+ N_("Verify SSL Peer"), GFTP_PORT_ALL, NULL},
 {NULL, NULL, 0, NULL, NULL, 0, NULL, 0, NULL}
 };
@@ -270,8 +273,8 @@
 int
 gftp_ssl_startup (gftp_request * request)
 {
+ intptr_t entropy_len, verify_ssl_peer;
 char *entropy_source;
- intptr_t entropy_len;
 if (gftp_ssl_initialized)
 return (0);
@@ -290,6 +293,7 @@
 SSL_load_error_strings ();
+ gftp_lookup_request_option (request, "verify_ssl_peer", &verify_ssl_peer);
 gftp_lookup_request_option (request, "entropy_source", &entropy_source);
 gftp_lookup_request_option (request, "entropy_len", &entropy_len);
 RAND_load_file (entropy_source, entropy_len);
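Review bot: The description string of the new `verify_ssl_peer` entry in the option table only repeats its label, so a user who switches the option off is not told what protection is lost. A description such as `N_("Verify the server's SSL certificate. If disabled, the connection is still encrypted but the server's identity is not checked")` would state the trade-off. The entry defaults to on (`GINT_TO_POINTER(1)`), which is the safe default and should stay that way.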
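Review bot: `verify_ssl_peer` in gftp_ssl_startup is declared without an initializer, and the gftp_lookup_request_option call that fills it is not checked. If that helper can return without writing its output (its body is not visible here), the later `if (verify_ssl_peer)` test reads an indeterminate value and verification may be skipped by accident. Initialising to the safe value, `intptr_t entropy_len, verify_ssl_peer = 1;`, makes a failed lookup fail closed. The same applies to the `intptr_t verify_ssl_peer;` declaration added in gftp_ssl_session_setup.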
@@ -303,8 +307,12 @@
 return (GFTP_EFATAL);
 }
- SSL_CTX_set_verify (ctx, SSL_VERIFY_PEER, gftp_ssl_verify_callback);
- SSL_CTX_set_verify_depth (ctx, 9);
+ if (verify_ssl_peer)
+ {
+ SSL_CTX_set_verify (ctx, SSL_VERIFY_PEER, gftp_ssl_verify_callback);
+ SSL_CTX_set_verify_depth (ctx, 9);
+ }
+
 SSL_CTX_set_options (ctx, SSL_OP_ALL|SSL_OP_NO_SSLv2);
 if (SSL_CTX_set_cipher_list (ctx, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH") != 1)
@@ -321,6 +329,7 @@
 int
 gftp_ssl_session_setup (gftp_request * request)
 {
+ intptr_t verify_ssl_peer;
 BIO * bio;
 long ret;
@@ -370,7 +379,10 @@
 return (GFTP_EFATAL);
 }
- if ((ret = gftp_ssl_post_connection_check (request)) != X509_V_OK)
+ gftp_lookup_request_option (request, "verify_ssl_peer", &verify_ssl_peer);
+
+ if (verify_ssl_peer &&
+ (ret = gftp_ssl_post_connection_check (request)) != X509_V_OK)
 {
 if (ret != X509_V_ERR_APPLICATION_VERIFICATION)
 request->logging_function (gftp_logging_error, request,
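Review bot: The verification mode set in gftp_ssl_startup is decided once, by whichever request triggers initialization, because the function returns early when `gftp_ssl_initialized` is set and `ctx` appears to be shared (its declaration is outside the hunk). gftp_ssl_session_setup, by contrast, reads `verify_ssl_peer` for every request. A connection with the option on can therefore run on a context created with verification off, and then depends only on gftp_ssl_post_connection_check, whose body is not shown. Consider configuring the context unconditionally as before and applying the per-request choice to the connection's own SSL object with `SSL_set_verify` and `SSL_set_verify_depth` in gftp_ssl_session_setup.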
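Review bot: When `verify_ssl_peer` is off, the short-circuit in gftp_ssl_session_setup skips gftp_ssl_post_connection_check silently, so the session log gives no sign that the server's certificate was not checked. A line written through `request->logging_function` before the `if`, stating that peer verification is disabled for this connection, would let users and anyone reading the log later tell verified sessions from unverified ones. The body of the `if` continues outside the hunk.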