#ifdef EXPERIMENTAL_DANE
+
/* This gets called *by* the dane library verify callback, which interposes
itself.
*/
tls_out.peercert = X509_dup(cert);
if (state == 1)
+ tls_out.dane_verified =
tls_out.certificate_verified = TRUE;
return 1;
}
-#endif
+
+#endif /*EXPERIMENTAL_DANE*/
/*************************************************
optional, set up appropriately. */
tls_in.certificate_verified = FALSE;
+#ifdef EXPERIMENTAL_DANE
+tls_in.dane_verified = FALSE;
+#endif
server_verify_callback_called = FALSE;
if (verify_check_host(&tls_verify_hosts) == OK)
if (rc != OK) return rc;
tls_out.certificate_verified = FALSE;
+#ifdef EXPERIMENTAL_DANE
+tls_out.dane_verified = FALSE;
+#endif
client_verify_callback_called = FALSE;
if (!expand_check(ob->tls_require_ciphers, US"tls_require_ciphers",