generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

openssl: handle lack of server cert when strict checking disabled

Browse Source 
If strict certificate checking is disabled (CURLOPT_SSL_VERIFYPEER
and CURLOPT_SSL_VERIFYHOST are disabled) do not fail if the server
doesn't present a certificate at all.

Closes #392
This commit is contained in:
Alessandro Ghedini 2015-08-21 14:50:45 +02:00 committed by Daniel Stenberg
parent 38ef1b3e7f
commit 8363656cb4
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/vtls/openssl.c
View File

@ -2644,8 +2644,10 @@ static CURLcode servercert(struct connectdata *conn,
connssl->server_cert = SSL_get_peer_certificate(connssl->handle); connssl->server_cert = SSL_get_peer_certificate(connssl->handle);
if(!connssl->server_cert) { if(!connssl->server_cert) {
if(strict) if(!strict)
failf(data, "SSL: couldn't get peer certificate!"); return CURLE_OK;
failf(data, "SSL: couldn't get peer certificate!");
return CURLE_PEER_FAILED_VERIFICATION; return CURLE_PEER_FAILED_VERIFICATION;
} }