r18747@catbus: nickm | 2008-03-11 13:21:25 -0400
Request client certs when renegotiating on server-side. Spotted by lodger. Bugfix on 0.2.0.x.


svn:r13973

Nick Mathewson 17 years ago
parent
commit
24f91d2876
2 changed files with 3 additions and 1 deletions
  1. ChangeLog (+2 -0)
  2. src/common/tortls.c (+1 -1)

+ 2 - 0
ChangeLog

@@ -11,6 +11,8 @@ Changes in version 0.2.1.1-alpha - 2008-??-??
       events.  Caught by mwenge; bugfix on 0.1.2.x.
     - Fix the SVK version detection logic to work correctly on a branch.
       Bugfix on 0.2.0.x.
+    - Make sure servers always request certificates from clients during
+      TLS renegotiation. Bugfix on 0.2.0.x.
 
   o Minor features:
     - Allow separate log levels to be configured for different logging
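
Review bot: The new ChangeLog entry leaves out the reporter credit, although the commit message says "Spotted by lodger" and the neighbouring entry follows the "Caught by mwenge; bugfix on 0.1.2.x." pattern. Suggest adding "Spotted by lodger." before "Bugfix on 0.2.0.x." so the entry matches the commit message and the surrounding style. It would also help operators if the entry said which side is affected: the change is in the `tls->isServer` branch, so a short clause such as "on the server side" would make clear that clients are not touched.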

+ 1 - 1
src/common/tortls.c

@@ -930,7 +930,7 @@ tor_tls_handshake(tor_tls_t *tls)
     tls->state = TOR_TLS_ST_OPEN;
     if (tls->isServer) {
       SSL_set_info_callback(tls->ssl, NULL);
-      SSL_set_verify(tls->ssl, SSL_VERIFY_NONE, always_accept_verify_cb);
+      SSL_set_verify(tls->ssl, SSL_VERIFY_PEER, always_accept_verify_cb);
       /* There doesn't seem to be a clear OpenSSL API to clear mode flags. */
       tls->ssl->mode &= ~SSL_MODE_NO_AUTO_CHAIN;
 #ifdef V2_HANDSHAKE_SERVER
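
Review bot: The changed `SSL_set_verify()` call in the `tls->isServer` branch passes `SSL_VERIFY_PEER` without `SSL_VERIFY_FAIL_IF_NO_PEER_CERT`, so the server now asks for a client certificate during renegotiation but a client that sends none can still complete it. In addition, the callback is `always_accept_verify_cb`, which by its name does not reject anything OpenSSL's chain check flags. If that is intentional because the certificate is validated elsewhere after the handshake, please add a comment on this line saying that the call only requests the certificate and naming where the presence and validity checks happen. Otherwise a later reader may take `SSL_VERIFY_PEER` here to mean the peer is authenticated at this point. The existing comment below it covers only the `SSL_MODE_NO_AUTO_CHAIN` flag.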