openssl: remove dummy callback use from SSL_CTX_set_verify()
The existing callback served no purpose.
This commit is contained in:
Daniel Stenberg
@@ -716,17 +716,6 @@ static int x509_name_oneline(X509_NAME *a, char *buf, size_t size)
|
|||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
static
|
|
||||||
int cert_verify_callback(int ok, X509_STORE_CTX *ctx)
|
|
||||||
{
|
|
||||||
X509 *err_cert;
|
|
||||||
char buf[256];
|
|
||||||
|
|
||||||
err_cert=X509_STORE_CTX_get_current_cert(ctx);
|
|
||||||
(void)x509_name_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf));
|
|
||||||
return ok;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Return error string for last OpenSSL error
|
/* Return error string for last OpenSSL error
|
||||||
*/
|
*/
|
||||||
static char *SSL_strerror(unsigned long error, char *buf, size_t size)
|
static char *SSL_strerror(unsigned long error, char *buf, size_t size)
|
||||||
@@ -2079,7 +2068,7 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
|
|||||||
* SSL_get_verify_result() below. */
|
* SSL_get_verify_result() below. */
|
||||||
SSL_CTX_set_verify(connssl->ctx,
|
SSL_CTX_set_verify(connssl->ctx,
|
||||||
data->set.ssl.verifypeer?SSL_VERIFY_PEER:SSL_VERIFY_NONE,
|
data->set.ssl.verifypeer?SSL_VERIFY_PEER:SSL_VERIFY_NONE,
|
||||||
cert_verify_callback);
|
NULL);
|
||||||
|
|
||||||
/* give application a chance to interfere with SSL set up. */
|
/* give application a chance to interfere with SSL set up. */
|
||||||
if(data->set.ssl.fsslctx) {
|
if(data->set.ssl.fsslctx) {
|
||||||
|
|||||||
Reference in New Issue
Block a user