mirrors/cpp-httplib
1
0
Fork 0
mirror of https://github.com/yhirose/cpp-httplib.git synced 2025-05-10 09:43:51 +00:00
Code Issues Projects Releases Wiki Activity

remove requirement for trusted_cert_path

Browse Source
This commit is contained in:
PixlRainbow 2019-06-06 23:34:24 +08:00
parent 57f61bf80e
commit 628b1115ea
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
httplib.h
View File

@ -2259,7 +2259,7 @@ read_and_close_socket_ssl(socket_t sock, size_t keep_alive_max_count,
return false;
}
if(trusted_cert_path && client_cert_path){
if(client_cert_path){
STACK_OF(X509_NAME)* list;
//list of client CAs to request from client
list = SSL_load_client_CA_file(client_cert_path);
@ -2272,6 +2272,11 @@ read_and_close_socket_ssl(socket_t sock, size_t keep_alive_max_count,
bool ret = false;
if (SSL_connect_or_accept(ssl) == 1) {
/*
auto client_cert = SSL_get_peer_certificate(ssl);
if(client_cert)
printf("Connected client: %s\n", client_cert->name);
*/
if (keep_alive_max_count > 0) {
auto count = keep_alive_max_count;
while (count > 0 &&
@ -2364,7 +2369,7 @@ inline SSLServer::SSLServer(const char *cert_path,
1) {
SSL_CTX_free(ctx_);
ctx_ = nullptr;
} else if(client_cert_path_ && trusted_cert_path_) {
} else if(client_cert_path_) {
SSL_CTX_set_verify(ctx_,
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, //SSL_VERIFY_CLIENT_ONCE,
nullptr