From eed2d9aa3d175100bc1bd8aa0ac8a4eb6de8aa4c Mon Sep 17 00:00:00 2001
From: Marcel Poul
Date: Tue, 11 Sep 2012 12:50:22 +0000
Subject: [PATCH] use SSL_CTX_verify when setting default caNl cert. verification callbacks, use verification mode, no need to use user data for callbacks from the user.
---
 emi.canl.canl-c/src/canl_ssl.c | 7 ++++---
 emi.canl.canl-c/src/canl_ssl.h | 2 +-
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/emi.canl.canl-c/src/canl_ssl.c b/emi.canl.canl-c/src/canl_ssl.c
index 227bbbe..cf9de14 100644
--- a/emi.canl.canl-c/src/canl_ssl.c
+++ b/emi.canl.canl-c/src/canl_ssl.c
@@ -1123,7 +1123,7 @@ canl_ctx_set_ca_fn(canl_ctx cc, const char *fn)
 }
 canl_err_code CANL_CALLCONV
-canl_ssl_ctx_set_clb(canl_ctx cc, SSL_CTX *ssl_ctx, void *user_data)
+canl_ssl_ctx_set_clb(canl_ctx cc, SSL_CTX *ssl_ctx, int ver_mode)
 {
 glb_ctx *glb_cc = (glb_ctx*) cc;
 if (!cc)
@@ -1132,8 +1132,9 @@ canl_ssl_ctx_set_clb(canl_ctx cc, SSL_CTX *ssl_ctx, void *user_data)
 return set_error(glb_cc, EINVAL, POSIX_ERROR, "SSL context not" " initialized");
- SSL_CTX_set_cert_verify_callback(ssl_ctx, proxy_app_verify_callback,
- user_data);
+ SSL_CTX_set_cert_verify_callback(ssl_ctx, proxy_app_verify_callback, NULL);
+
+ SSL_CTX_set_verify(ssl_ctx, ver_mode, proxy_verify_callback);
 return 0;
 }
diff --git a/emi.canl.canl-c/src/canl_ssl.h b/emi.canl.canl-c/src/canl_ssl.h
index 8c2ec7e..0f923c5 100644
--- a/emi.canl.canl-c/src/canl_ssl.h
+++ b/emi.canl.canl-c/src/canl_ssl.h
@@ -39,7 +39,7 @@ canl_ctx_set_pkcs11_init_args(canl_ctx, const char *);
 /* Set canl cert verification callbacks into SSL_CTX. Do not use SSL_CTX stored in canl_ctx */
 canl_err_code CANL_CALLCONV
-canl_ssl_ctx_set_clb(canl_ctx cc, SSL_CTX *ssl_ctx, void *user_data);
+canl_ssl_ctx_set_clb(canl_ctx cc, SSL_CTX *ssl_ctx, int ver_mode);
 #ifdef __cplusplus
 }
--
1.8.2.3
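Review bot: Replacing the third parameter `void *user_data` with `int ver_mode` in place changes the meaning of an existing public entry point, and a caller that still passes `NULL` there will typically build with only a pointer-to-integer warning and end up passing 0. In OpenSSL 0 is `SSL_VERIFY_NONE`, so such a caller would silently get a context in which a client continues the handshake even when certificate verification fails. Whether callers outside this patch exist is not visible here; if they may, consider keeping the old signature and adding a separately named setter for the mode, or at least recording the break in the release notes. The same prototype change is in the canl_ssl.h hunk, and the function body continues past the end of this hunk.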
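Review bot: `ver_mode` reaches `SSL_CTX_set_verify()` without any validation, so 0 (`SSL_VERIFY_NONE`) or a value with stray bits is accepted and the function still returns success. With `SSL_VERIFY_NONE` on the client side OpenSSL continues the handshake regardless of what `proxy_app_verify_callback` and `proxy_verify_callback` decide, which defeats the purpose of installing them. I would reject unknown bits before the two setter calls, e.g. `if (ver_mode & ~(SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_CLIENT_ONCE)) return set_error(glb_cc, EINVAL, POSIX_ERROR, "Invalid verification mode");`, and decide explicitly whether a mode without `SSL_VERIFY_PEER` should be allowed at all. The app-verify callback now always receives `NULL` as its argument; its definition is outside this hunk, so confirm it never dereferences that pointer.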
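Review bot: The comment above the prototype does not describe the new `ver_mode` parameter, so a reader of the header cannot tell which values are accepted or that 0 turns peer verification off. Suggest extending it with something like `/* ver_mode: SSL_VERIFY_* flags handed to SSL_CTX_set_verify(); SSL_VERIFY_NONE (0) disables peer verification */`. It would also help to state that the function overwrites any verify mode and callbacks the caller set on `ssl_ctx` earlier, since the .c hunk shows both `SSL_CTX_set_cert_verify_callback()` and `SSL_CTX_set_verify()` being called unconditionally.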