git://git.exim.org
/
exim.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
3750d68
)
Fail a DANE-mode verify on totally missing certificate
author
Jeremy Harris
<jgh146exb@wizmail.org>
Thu, 4 Dec 2014 19:17:47 +0000
(19:17 +0000)
committer
Jeremy Harris
<jgh146exb@wizmail.org>
Thu, 4 Dec 2014 19:17:47 +0000
(19:17 +0000)
src/src/tls-openssl.c
patch
|
blob
|
history
diff --git
a/src/src/tls-openssl.c
b/src/src/tls-openssl.c
index 9aa655e8251f79a177d4f9b73135554989e33ba2..c23ac031f5b544f6486710e4e8b24344c0a539e6 100644
(file)
--- a/
src/src/tls-openssl.c
+++ b/
src/src/tls-openssl.c
@@
-1872,7
+1872,9
@@
if (expciphers != NULL)
#ifdef EXPERIMENTAL_DANE
if (tlsa_dnsa)
{
#ifdef EXPERIMENTAL_DANE
if (tlsa_dnsa)
{
- SSL_CTX_set_verify(client_ctx, SSL_VERIFY_PEER, verify_callback_client_dane);
+ SSL_CTX_set_verify(client_ctx,
+ SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
+ verify_callback_client_dane);
if (!DANESSL_library_init())
return tls_error(US"library init", host, NULL);
if (!DANESSL_library_init())
return tls_error(US"library init", host, NULL);