summaryrefslogtreecommitdiffstats
path: root/src/PolarSSL++
diff options
context:
space:
mode:
Diffstat (limited to 'src/PolarSSL++')
-rw-r--r--src/PolarSSL++/BlockingSslClientSocket.h5
-rw-r--r--src/PolarSSL++/SslContext.cpp2
2 files changed, 6 insertions, 1 deletions
diff --git a/src/PolarSSL++/BlockingSslClientSocket.h b/src/PolarSSL++/BlockingSslClientSocket.h
index 319e82bf2..462ee95a7 100644
--- a/src/PolarSSL++/BlockingSslClientSocket.h
+++ b/src/PolarSSL++/BlockingSslClientSocket.h
@@ -21,6 +21,11 @@ class cBlockingSslClientSocket :
{
public:
cBlockingSslClientSocket(void);
+
+ ~cBlockingSslClientSocket(void)
+ {
+ Disconnect();
+ }
/** Connects to the specified server and performs SSL handshake.
Returns true if successful, false on failure. Sets internal error text on failure. */
diff --git a/src/PolarSSL++/SslContext.cpp b/src/PolarSSL++/SslContext.cpp
index 4c7fd4a23..5ac4bc227 100644
--- a/src/PolarSSL++/SslContext.cpp
+++ b/src/PolarSSL++/SslContext.cpp
@@ -152,7 +152,7 @@ void cSslContext::SetCACerts(const cX509CertPtr & a_CACert, const AString & a_Ex
m_CACerts = a_CACert;
// Set the trusted CA root cert store:
- ssl_set_authmode(&m_Ssl, SSL_VERIFY_OPTIONAL);
+ ssl_set_authmode(&m_Ssl, SSL_VERIFY_REQUIRED);
ssl_set_ca_chain(&m_Ssl, m_CACerts->GetInternal(), nullptr, m_ExpectedPeerName.empty() ? nullptr : m_ExpectedPeerName.c_str());
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-13 18:09:33 +0100