Fix client verify mode to check SSL_VERIFY_PEER
author Viktor Dukhovni <openssl-users@dukhovni.org>
Sat, 2 Apr 2016 20:47:48 +0000 (16:47 -0400)
committer Viktor Dukhovni <openssl-users@dukhovni.org>
Thu, 7 Apr 2016 18:41:34 +0000 (14:41 -0400)
commit c636c1c470fd2b4b0cb546e6ee85971375e42ec1
tree 68c9a306d606ae2bae3a77ee677999209ccdd7b4
parent 6afef8b1fb679df7d6a8606d713192c9907b1890
Fix client verify mode to check SSL_VERIFY_PEER

The original check for != SSL_VERIFY_NONE can give surprising results
when flag SSL_VERIFY_PEER is not set, but other flags are.  Note
that SSL_VERIFY_NONE (0) is not a flag bit, it is rather the absence
of all other flag bits.

Signed-off-by: Rob Percival <robpercival@google.com>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
doc/ssl/SSL_CTX_set_verify.pod
ssl/statem/statem_clnt.c
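
The two predicates the commit message contrasts, compared over every combination of the verify flag bits. This is an added example, not code from the commit or from OpenSSL; the helper names are hypothetical, and the constants repeat the values from `<openssl/ssl.h>` so the file builds without OpenSSL.

```c
#include <stdio.h>

/* Same values as <openssl/ssl.h>, repeated so this builds stand-alone. */
#define SSL_VERIFY_NONE                 0x00
#define SSL_VERIFY_PEER                 0x01
#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
#define SSL_VERIFY_CLIENT_ONCE          0x04

/* Hypothetical helper: the check the commit message calls "original". */
static int old_check(int mode) { return mode != SSL_VERIFY_NONE; }

/* Hypothetical helper: the check named in the commit subject. */
static int new_check(int mode) { return (mode & SSL_VERIFY_PEER) != 0; }

/* Hypothetical audit helper: other flag bits are set but SSL_VERIFY_PEER
 * is not. These are exactly the modes on which the two checks disagree. */
static int flags_without_peer(int mode)
{
    return mode != SSL_VERIFY_NONE && !(mode & SSL_VERIFY_PEER);
}

/* Count the modes in 0..7 where old_check and new_check differ. */
static int count_disagreements(void)
{
    int n = 0;
    for (int mode = 0; mode <= 7; mode++)
        if (old_check(mode) != new_check(mode))
            n++;
    return n;
}

int main(void)
{
    printf("mode  old(!= NONE)  new(& PEER)  flags_without_peer\n");
    for (int mode = 0; mode <= 7; mode++)
        printf("0x%02x  %-12d  %-11d  %d\n", mode, old_check(mode),
               new_check(mode), flags_without_peer(mode));
    printf("disagreements: %d\n", count_disagreements());
    return 0;
}
```

A call site that passes a mode for which `flags_without_peer` is true has left out SSL_VERIFY_PEER; that is the case where the original comparison and the bit test give different answers.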