From a62e7ff2c29b387810ad43e47d9c4c3f6dfc4d98 Mon Sep 17 00:00:00 2001
From: Mattes D <github@xoft.cz>
Date: Sun, 24 Jan 2016 17:22:05 +0100
Subject: LuaTcpSsl: Disabled cert verification due to missing CA chain.

---
 src/PolarSSL++/SslContext.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/PolarSSL++/SslContext.cpp')

diff --git a/src/PolarSSL++/SslContext.cpp b/src/PolarSSL++/SslContext.cpp
index 90e0ae0e2..4ff0c3077 100644
--- a/src/PolarSSL++/SslContext.cpp
+++ b/src/PolarSSL++/SslContext.cpp
@@ -61,7 +61,7 @@ int cSslContext::Initialize(bool a_IsClient, const SharedPtr<cCtrDrbgContext> &
 		return res;
 	}
 	ssl_set_endpoint(&m_Ssl, a_IsClient ? SSL_IS_CLIENT : SSL_IS_SERVER);
-	ssl_set_authmode(&m_Ssl, a_IsClient ? SSL_VERIFY_OPTIONAL : SSL_VERIFY_NONE);  // Clients ask for server's cert but don't verify strictly; servers don't ask clients for certs by default
+	ssl_set_authmode(&m_Ssl, SSL_VERIFY_NONE);  // We cannot verify because we don't have a CA chain, required by PolarSSL, implemented yet (TODO)
 	ssl_set_rng(&m_Ssl, ctr_drbg_random, &m_CtrDrbg->m_CtrDrbg);
 	ssl_set_bio(&m_Ssl, ReceiveEncrypted, this, SendEncrypted, this);
 	
@@ -85,7 +85,7 @@ int cSslContext::Initialize(bool a_IsClient, const SharedPtr<cCtrDrbgContext> &
 			0,  // Must be 0-terminated!
 		};
 		ssl_set_ciphersuites(&m_Ssl, CipherSuites);
-		*/
+		//*/
 	#endif
 	
 	m_IsValid = true;
-- 
cgit v1.2.3