Fix to be able to set a verification "mode" to the

SSL_CTX_set_verify() function without having to set a custom (*verify_callback). It was previously unable to only switch/select SSL_VERIFY_CLIENT_ONCE, SSL_VERIFY_FAIL_IF_NO_PEER_CERT, SSL_VERIFY_PEER or SSL_VERIFY_NONE
Tibo-lg · Dec 31, 2011 · f3c3f37 · f3c3f37
1 parent 4df9e40
commit f3c3f37
Showing 1 changed file with 1 addition and 4 deletions.
diff --git a/evhtp.c b/evhtp.c
@@ -2512,10 +2512,7 @@ evhtp_ssl_init(evhtp_t * htp, evhtp_ssl_cfg_t * cfg) {
 
     SSL_CTX_load_verify_locations(htp->ssl_ctx, cfg->cafile, cfg->capath);
     X509_STORE_set_flags(SSL_CTX_get_cert_store(htp->ssl_ctx), cfg->store_flags);
-
-    if (cfg->x509_verify_cb != NULL) {
-        SSL_CTX_set_verify(htp->ssl_ctx, cfg->verify_peer, cfg->x509_verify_cb);
-    }
+    SSL_CTX_set_verify(htp->ssl_ctx, cfg->verify_peer, cfg->x509_verify_cb);
 
     if (cfg->x509_chk_issued_cb != NULL) {
         htp->ssl_ctx->cert_store->check_issued = cfg->x509_chk_issued_cb;