Commit c4816a5c authored by Simon Morlat's avatar Simon Morlat

Removing the max depth seems to have triggered an issue with an SSL handshake...

Removing the max depth seems to have triggered an issue with an SSL handshake that never terminates, causing flexisip unable to serve clients.
parent 76875b09
......@@ -11,7 +11,7 @@ dnl information on the package
dnl ---------------------------
dnl update both the version for AC_INIT and the LIBSOFIA_SIP_UA_MAJOR_MINOR
AC_INIT([sofia-sip], [1.13.28bc])
AC_INIT([sofia-sip], [1.13.29bc])
AC_CONFIG_SRCDIR([libsofia-sip-ua/sip/sofia-sip/sip.h])
AC_CONFIG_MACRO_DIR([m4])
AC_SUBST(VER_LIBSOFIA_SIP_UA_MAJOR_MINOR, [1.13])
......
......@@ -200,7 +200,7 @@ tls_t *tls_create(int type)
static
void tls_set_default(tls_issues_t *i)
{
i->verify_depth = 0; /*means openssl default*/
i->verify_depth = 5; /*using openssl's default depth seems to create an issue showing an endless tls handshake*/
i->cert = i->cert ? i->cert : "agent.pem";
i->key = i->key ? i->key : i->cert;
i->randFile = i->randFile ? i->randFile : "tls_seed.dat";
......@@ -578,7 +578,7 @@ int tls_init_context(tls_t *tls, tls_issues_t const *ti)
else
verify = SSL_VERIFY_NONE;
if (ti->verify_depth > 0) SSL_CTX_set_verify_depth(tls->ctx, ti->verify_depth); /*otherwise we use openssl's default depth*/
SSL_CTX_set_verify_depth(tls->ctx, ti->verify_depth);
SSL_CTX_set_verify(tls->ctx, verify, tls_verify_cb);
if (!SSL_CTX_set_cipher_list(tls->ctx, ti->ciphers)) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment