From 0b1a3f0aea4cace6f5b316c7613d125a7a2811ea Mon Sep 17 00:00:00 2001 From: Marcel Poul Date: Wed, 1 Feb 2012 15:32:34 +0000 Subject: [PATCH] set SSLv2 flag on SSL level --- emi.canl.canl-c/src/canl_ssl.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/emi.canl.canl-c/src/canl_ssl.c b/emi.canl.canl-c/src/canl_ssl.c index b9732f6..68cd831 100644 --- a/emi.canl.canl-c/src/canl_ssl.c +++ b/emi.canl.canl-c/src/canl_ssl.c @@ -38,9 +38,6 @@ ssl_initialize(glb_ctx *cc, mech_glb_ctx **m_glb_ctx) if (!*m_glb_ctx) return set_error(cc, ENOMEM, POSIX_ERROR, "Not enough memory"); - /* TODO what is this? */ - SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2); - err = proxy_get_filenames(0, &ca_cert_fn, &ca_cert_dirn, NULL, NULL, NULL); if (!err && (ca_cert_fn || ca_cert_dirn)) SSL_CTX_load_verify_locations(ssl_ctx, ca_cert_fn, ca_cert_dirn); @@ -322,7 +319,6 @@ static int check_hostname_cert(glb_ctx *cc, io_handler *io, if (!serv_cert) return set_error(cc, CANL_ERR_unknownMsg, CANL_ERROR, "Server certificate missing"); - return 2; //TODO is missing certificate error?, sure. i = X509_get_ext_by_NID(serv_cert, NID_subject_alt_name, -1); if (i != -1) { /* subj. alt. name extention present */ -- 1.8.2.3