Mercurial > dovecot > original-hg > dovecot-1.2
diff src/login-common/ssl-proxy-openssl.c @ 1997:1d0985f6bdd9 HEAD
Added ssl_verify_client_cert setting.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Mon, 10 May 2004 05:15:16 +0300 |
parents | d8f06a0c818e |
children | 3dd9d3165bff |
line wrap: on
line diff
--- a/src/login-common/ssl-proxy-openssl.c Mon May 10 04:55:41 2004 +0300 +++ b/src/login-common/ssl-proxy-openssl.c Mon May 10 05:15:16 2004 +0300 @@ -453,6 +453,12 @@ if (SSL_CTX_need_tmp_RSA(ssl_ctx)) SSL_CTX_set_tmp_rsa_callback(ssl_ctx, ssl_gen_rsa_key); + if (getenv("SSL_VERIFY_CLIENT_CERT") != NULL) { + SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER | + SSL_VERIFY_FAIL_IF_NO_PEER_CERT | + SSL_VERIFY_CLIENT_ONCE, NULL); + } + /* PRNG initialization might want to use /dev/urandom, make sure it does it before chrooting. */ if (RAND_bytes(&buf, 1) != 1)