www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-08 15:02:10 +03:00
Code Activity

support "SSLVerifyClient optional_no_ca"

Browse Source 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@90599 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Doug MacEachern
2001-08-24 00:09:30 +00:00
parent 0171b0a5b9
commit 48c41169f0
3 changed files with 43 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
modules/ssl/ssl_engine_kernel.c
View File

@@ -1237,14 +1237,9 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
verify = dc->nVerifyClient;
else
verify = sc->nVerifyClient;
if ( ( errnum == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
|| errnum == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
|| errnum == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
#if SSL_LIBRARY_VERSION >= 0x00905000
|| errnum == X509_V_ERR_CERT_UNTRUSTED
#endif
|| errnum == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE )
&& verify == SSL_CVERIFY_OPTIONAL_NO_CA ) {
if (ssl_verify_error_is_optional(errnum) &&
verify == SSL_CVERIFY_OPTIONAL_NO_CA)
{
ssl_log(s, SSL_LOG_TRACE,
"Certificate Verification: Verifiable Issuer is configured as "
"optional, therefore we're accepting the certificate");