Mercurial > dovecot > core-2.2
changeset 21918:2a1ffa18d91a
lib-ssl-iostream: Don't require SSL CA certs if require_valid_cert==FALSE
This happened only when verify_remote_cert was also TRUE. But this behavior
now allows verifying the cert without actually requiring it to be valid.
author | Timo Sirainen <timo.sirainen@dovecot.fi> |
---|---|
date | Fri, 07 Apr 2017 16:13:13 +0300 |
parents | 7a419cf835f0 |
children | e0a5e0b06e50 |
files | src/lib-ssl-iostream/iostream-openssl-context.c |
diffstat | 1 files changed, 1 insertions(+), 1 deletions(-) |
--- a/src/lib-ssl-iostream/iostream-openssl-context.c Fri Apr 07 15:47:27 2017 +0300 +++ b/src/lib-ssl-iostream/iostream-openssl-context.c Fri Apr 07 16:13:13 2017 +0300 @@ -310,7 +310,7 @@ have_ca = TRUE; } - if (!have_ca) { + if (!have_ca && set->require_valid_cert) { *error_r = !ctx->client_ctx ? "Can't verify remote client certs without CA (ssl_ca setting)" : "Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)";
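Review bot: The new condition `if (!have_ca && set->require_valid_cert)` lets the missing-CA case pass silently when require_valid_cert is FALSE, and nothing at this spot documents why that is safe. Please add a short comment above the check saying that with no CA loaded the peer certificate cannot be validated against anything, so the verification result is advisory only in this configuration and must not be used for an access decision. Also consider logging the condition instead of dropping it entirely: the two error strings ("Can't verify remote client certs without CA (ssl_ca setting)" and the ssl_client_ca_* variant) were the only signal an administrator got for an unset CA, and on this path they are now skipped.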