diff options
| -rw-r--r-- | lib/ssl_client.h | 2 | ||||
| -rw-r--r-- | lib/ssl_nss.c | 7 | ||||
| -rw-r--r-- | lib/ssl_openssl.c | 7 |
3 files changed, 6 insertions, 10 deletions
diff --git a/lib/ssl_client.h b/lib/ssl_client.h index d8822143..206fe9cb 100644 --- a/lib/ssl_client.h +++ b/lib/ssl_client.h @@ -36,8 +36,6 @@ /* Some generic error codes. Especially SSL_AGAIN is important if you want to do asynchronous I/O. */ -#define NSS_VERIFY_ERROR -2 -#define OPENSSL_VERIFY_ERROR -1 #define SSL_OK 0 #define SSL_NOHANDSHAKE 1 #define SSL_AGAIN 2 diff --git a/lib/ssl_nss.c b/lib/ssl_nss.c index 5b573f9b..d50620d5 100644 --- a/lib/ssl_nss.c +++ b/lib/ssl_nss.c @@ -139,7 +139,7 @@ void *ssl_starttls( int fd, char *hostname, gboolean verify, ssl_input_function conn->fd = fd; conn->func = func; conn->data = data; - conn->verify = verify; + conn->verify = verify && global.conf->cafile; /* This function should be called via a (short) timeout instead of directly from here, because these SSL calls are *supposed* to be @@ -159,12 +159,11 @@ static gboolean ssl_connected( gpointer data, gint source, b_input_condition con { struct scd *conn = data; - /* Right now we don't have any verification functionality for nss so we - fail in case verification has been requested by the user. */ + /* Right now we don't have any verification functionality for NSS. */ if( conn->verify ) { - conn->func( conn->data, NSS_VERIFY_ERROR, NULL, cond ); + conn->func( conn->data, 1, NULL, cond ); if( source >= 0 ) closesocket( source ); g_free( conn ); diff --git a/lib/ssl_openssl.c b/lib/ssl_openssl.c index 955c8274..5c38d0e9 100644 --- a/lib/ssl_openssl.c +++ b/lib/ssl_openssl.c @@ -90,7 +90,7 @@ void *ssl_starttls( int fd, char *hostname, gboolean verify, ssl_input_function conn->func = func; conn->data = data; conn->inpa = -1; - conn->verify = verify; + conn->verify = verify && global.conf->cafile; /* This function should be called via a (short) timeout instead of directly from here, because these SSL calls are *supposed* to be @@ -118,12 +118,11 @@ static gboolean ssl_connected( gpointer data, gint source, b_input_condition con struct scd *conn = data; SSL_METHOD *meth; - /* Right now we don't have any verification functionality for openssl so we - fail in case verification has been requested by the user. */ + /* Right now we don't have any verification functionality for OpenSSL. */ if( conn->verify ) { - conn->func( conn->data, OPENSSL_VERIFY_ERROR, NULL, cond ); + conn->func( conn->data, 1, NULL, cond ); if( source >= 0 ) closesocket( source ); g_free( conn ); |