| author | Alexander Barton <alex@barton.de> | 2024-01-02 22:02:46 +0100 |
|---|---|---|
| committer | Alexander Barton <alex@barton.de> | 2024-03-23 20:19:01 +0100 |
| commit | 3db3b47fc7172a69b7d99d66eddb07a323dc6e74 (patch) | |
| tree | c4b9ad8c522755c112ecfe35861453e2df4077be /src/tool/tool.h | |
| parent | 679505aab9fea21b27a3d4bbf99cf2a16cf3d3d5 (diff) | |
S2S-TLS/OpenSSL: Postpone verification of TLS session right before server handshake

The verify callback in OpenSSL is called pretty early, and at that time it is not possible yet to check which connection it belongs to, and some connections may have relaxed requirements.

So always return success in the Verify_openssl() callback, and postpone validation of the TLS session until starting the server handshake in cb_connserver_login_ssl(), when we know which server this connection belongs to and which options (like "SSLVerify") are in effect.

The code doing this was already present in cb_connserver_login_ssl(), but this patch adds a more prominent comment to the function.

Diffstat (limited to 'src/tool/tool.h')
0 files changed, 0 insertions, 0 deletions