openssl: handle lack of server cert when strict checking disabled

If strict certificate checking is disabled (CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST are disabled) do not fail if the server doesn't present a certificate at all. Closes #392
curl · Aug 21, 2015 · 8363656 · 8363656
1 parent 38ef1b3
commit 8363656
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
@@ -2644,8 +2644,10 @@ static CURLcode servercert(struct connectdata *conn,
 
   connssl->server_cert = SSL_get_peer_certificate(connssl->handle);
   if(!connssl->server_cert) {
-    if(strict)
-      failf(data, "SSL: couldn't get peer certificate!");
+    if(!strict)
+      return CURLE_OK;
+
+    failf(data, "SSL: couldn't get peer certificate!");
     return CURLE_PEER_FAILED_VERIFICATION;
   }