summaryrefslogtreecommitdiffstats
path: root/src/PolarSSL++/SslContext.cpp
diff options
context:
space:
mode:
authorMattes D <github@xoft.cz>2016-01-24 17:22:49 +0100
committerMattes D <github@xoft.cz>2016-01-24 17:22:49 +0100
commit24c418b2b661774c28553d0b8904ae1dc19d6241 (patch)
treea9883805f27613b8788a11321afe10dd1b39ed40 /src/PolarSSL++/SslContext.cpp
parentMerge pull request #2899 from cuberite/FixHttpParsing (diff)
parentLuaTcpSsl: Disabled cert verification due to missing CA chain. (diff)
downloadcuberite-24c418b2b661774c28553d0b8904ae1dc19d6241.tar
cuberite-24c418b2b661774c28553d0b8904ae1dc19d6241.tar.gz
cuberite-24c418b2b661774c28553d0b8904ae1dc19d6241.tar.bz2
cuberite-24c418b2b661774c28553d0b8904ae1dc19d6241.tar.lz
cuberite-24c418b2b661774c28553d0b8904ae1dc19d6241.tar.xz
cuberite-24c418b2b661774c28553d0b8904ae1dc19d6241.tar.zst
cuberite-24c418b2b661774c28553d0b8904ae1dc19d6241.zip
Diffstat (limited to 'src/PolarSSL++/SslContext.cpp')
-rw-r--r--src/PolarSSL++/SslContext.cpp4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/PolarSSL++/SslContext.cpp b/src/PolarSSL++/SslContext.cpp
index 90e0ae0e2..4ff0c3077 100644
--- a/src/PolarSSL++/SslContext.cpp
+++ b/src/PolarSSL++/SslContext.cpp
@@ -61,7 +61,7 @@ int cSslContext::Initialize(bool a_IsClient, const SharedPtr<cCtrDrbgContext> &
return res;
}
ssl_set_endpoint(&m_Ssl, a_IsClient ? SSL_IS_CLIENT : SSL_IS_SERVER);
- ssl_set_authmode(&m_Ssl, a_IsClient ? SSL_VERIFY_OPTIONAL : SSL_VERIFY_NONE); // Clients ask for server's cert but don't verify strictly; servers don't ask clients for certs by default
+ ssl_set_authmode(&m_Ssl, SSL_VERIFY_NONE); // We cannot verify because we don't have a CA chain, required by PolarSSL, implemented yet (TODO)
ssl_set_rng(&m_Ssl, ctr_drbg_random, &m_CtrDrbg->m_CtrDrbg);
ssl_set_bio(&m_Ssl, ReceiveEncrypted, this, SendEncrypted, this);
@@ -85,7 +85,7 @@ int cSslContext::Initialize(bool a_IsClient, const SharedPtr<cCtrDrbgContext> &
0, // Must be 0-terminated!
};
ssl_set_ciphersuites(&m_Ssl, CipherSuites);
- */
+ //*/
#endif
m_IsValid = true;