[or-cvs] r13973: Request client certs when renegotiating on server-side. Spot (in tor/trunk: . src/common)
nickm at seul.org
Tue Mar 11 17:21:44 UTC 2008
Author: nickm
Date: 2008-03-11 13:21:44 -0400 (Tue, 11 Mar 2008)
New Revision: 13973
Modified:
tor/trunk/
tor/trunk/ChangeLog
tor/trunk/src/common/tortls.c
Log:
r18747 at catbus: nickm | 2008-03-11 13:21:25 -0400
Request client certs when renegotiating on server-side. Spotted by lodger. Bugfix on 0.2.0.x.
Property changes on: tor/trunk
___________________________________________________________________
svk:merge ticket from /tor/trunk [r18747] on 8246c3cf-6607-4228-993b-4d95d33730f1
Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog 2008-03-11 14:38:24 UTC (rev 13972)
+++ tor/trunk/ChangeLog 2008-03-11 17:21:44 UTC (rev 13973)
@@ -11,6 +11,8 @@
events. Caught by mwenge; bugfix on 0.1.2.x.
- Fix the SVK version detection logic to work correctly on a branch.
Bugfix on 0.2.0.x.
+ - Make sure servers always request certificates from clients during
+ TLS renegotiation. Bugfix on 0.2.0.x.
o Minor features:
- Allow separate log levels to be configured for different logging
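Review bot: the added ChangeLog entry omits the reporter credit, although the commit log says "Spotted by lodger" and the neighbouring entry in this hunk credits its reporter ("Caught by mwenge"). Suggest appending "Spotted by lodger." before "Bugfix on 0.2.0.x." so the entry matches the log message and the style of the surrounding entries.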
Modified: tor/trunk/src/common/tortls.c
===================================================================
--- tor/trunk/src/common/tortls.c 2008-03-11 14:38:24 UTC (rev 13972)
+++ tor/trunk/src/common/tortls.c 2008-03-11 17:21:44 UTC (rev 13973)
@@ -930,7 +930,7 @@
tls->state = TOR_TLS_ST_OPEN;
if (tls->isServer) {
SSL_set_info_callback(tls->ssl, NULL);
- SSL_set_verify(tls->ssl, SSL_VERIFY_NONE, always_accept_verify_cb);
+ SSL_set_verify(tls->ssl, SSL_VERIFY_PEER, always_accept_verify_cb);
/* There doesn't seem to be a clear OpenSSL API to clear mode flags. */
tls->ssl->mode &= ~SSL_MODE_NO_AUTO_CHAIN;
#ifdef V2_HANDSHAKE_SERVER
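Review bot: the changed SSL_set_verify() call in the tls->isServer branch carries no comment explaining why SSL_VERIFY_PEER is needed, and because it is paired with a callback named always_accept_verify_cb a later reader could take the flag for a no-op and revert it. Suggest a one-line comment stating that on the server side SSL_VERIFY_PEER is what makes OpenSSL request a client certificate during the renegotiation, and that acceptance of the certificate is not decided by this callback. Note also that SSL_VERIFY_FAIL_IF_NO_PEER_CERT is not set here, so a client can still finish the renegotiation without presenting a certificate; the code that later reads the peer certificate has to treat a missing certificate as an unauthenticated peer.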