Commit 76875b09 authored by Simon Morlat's avatar Simon Morlat

Remove stupid default limit of 2 for X509 certificate verify chain.

parent a613e4e8
......@@ -11,7 +11,7 @@ dnl information on the package
dnl ---------------------------
dnl update both the version for AC_INIT and the LIBSOFIA_SIP_UA_MAJOR_MINOR
AC_INIT([sofia-sip], [1.13.27bc])
AC_INIT([sofia-sip], [1.13.28bc])
AC_CONFIG_SRCDIR([libsofia-sip-ua/sip/sofia-sip/sip.h])
AC_CONFIG_MACRO_DIR([m4])
AC_SUBST(VER_LIBSOFIA_SIP_UA_MAJOR_MINOR, [1.13])
......
......@@ -200,7 +200,7 @@ tls_t *tls_create(int type)
static
void tls_set_default(tls_issues_t *i)
{
i->verify_depth = i->verify_depth == 0 ? 2 : i->verify_depth;
i->verify_depth = 0; /*means openssl default*/
i->cert = i->cert ? i->cert : "agent.pem";
i->key = i->key ? i->key : i->cert;
i->randFile = i->randFile ? i->randFile : "tls_seed.dat";
......@@ -578,7 +578,7 @@ int tls_init_context(tls_t *tls, tls_issues_t const *ti)
else
verify = SSL_VERIFY_NONE;
SSL_CTX_set_verify_depth(tls->ctx, ti->verify_depth);
if (ti->verify_depth > 0) SSL_CTX_set_verify_depth(tls->ctx, ti->verify_depth); /*otherwise we use openssl's default depth*/
SSL_CTX_set_verify(tls->ctx, verify, tls_verify_cb);
if (!SSL_CTX_set_cipher_list(tls->ctx, ti->ciphers)) {
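Review bot: In tls_set_default the new `i->verify_depth = 0;` overwrites the field unconditionally, whereas the old line and the neighbouring cert/key/randFile defaults all keep a value the caller supplied. tport_tls_init_master still sets `ti.verify_depth = tls_depth;`, so if tls_set_default runs on that struct afterwards (the call site is outside these hunks), a configured depth limit is silently discarded and the new `if (ti->verify_depth > 0)` guard in tls_init_context never fires. Since 0 already selects OpenSSL's default there, the assignment can be dropped and replaced with a comment such as `/* verify_depth == 0: keep OpenSSL's default chain depth */`. tls_set_default's body continues beyond the hunk.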
......
......@@ -199,7 +199,6 @@ static int tport_tls_init_master(tport_primary_t *pri,
su_strlst_t const *tls_subjects = NULL;
su_home_t autohome[SU_HOME_AUTO_SIZE(1024)];
tls_issues_t ti = {0};
const char *ssl_env_dir;
su_home_auto(autohome, sizeof autohome);
......@@ -220,12 +219,6 @@ static int tport_tls_init_master(tport_primary_t *pri,
/*Initialize base things with our TLS usage*/
if (tls_ciphers) ti.ciphers = su_strdup(autohome, tls_ciphers);
ssl_env_dir = getenv("SSL_CERT_DIR");
if (ssl_env_dir){
ti.CApath = su_strdup(autohome, ssl_env_dir);
}else{
ti.CApath = "/etc/ssl/certs";
}
ti.policy = tls_policy | (tls_verify ? TPTLS_VERIFY_ALL : 0);
ti.verify_depth = tls_depth;
ti.verify_date = tls_date;
......