S2S-TLS/OpenSSL: Set the verification flags only once
authorAlexander Barton <alex@barton.de>
Tue, 2 Jan 2024 19:55:15 +0000 (20:55 +0100)
committerAlexander Barton <alex@barton.de>
Sat, 23 Mar 2024 19:19:01 +0000 (20:19 +0100)
Set the verification flags in the ConnSSL_SetVerifyProperties_openssl
function only, don't override them in ConnSSL_InitLibrary() afterwards.

No functional changes, now ConnSSL_SetVerifyProperties_openssl() sets
exactly the parameters which ConnSSL_InitLibrary() always overwrote ...

src/ngircd/conn-ssl.c

index ce4e27c1513cf35ea673583030dbb2d298cc8343..a51f46b2b48d3b762b8fac5e41cb6d19ec17e757 100644 (file)
@@ -401,8 +401,6 @@ ConnSSL_InitLibrary( void )
                            SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
                            SSL_OP_NO_COMPRESSION);
        SSL_CTX_set_mode(newctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
-       SSL_CTX_set_verify(newctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,
-                          Verify_openssl);
        SSL_CTX_free(ssl_ctx);
        ssl_ctx = newctx;
        Log(LOG_INFO, "%s initialized.", OpenSSL_version(OPENSSL_VERSION));
@@ -615,7 +613,6 @@ ConnSSL_SetVerifyProperties_openssl(SSL_CTX * ctx)
 {
        X509_STORE *store = NULL;
        X509_LOOKUP *lookup;
-       int verify_flags = SSL_VERIFY_PEER;
        bool ret = false;
 
        if (!Conf_SSLOptions.CAFile)
@@ -649,7 +646,8 @@ ConnSSL_SetVerifyProperties_openssl(SSL_CTX * ctx)
                }
        }
 
-       SSL_CTX_set_verify(ctx, verify_flags, Verify_openssl);
+       SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,
+                          Verify_openssl);
        SSL_CTX_set_verify_depth(ctx, MAX_CERT_CHAIN_LENGTH);
        ret = true;
 out:
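Review bot: The new SSL_CTX_set_verify() call is now reached only on the success path of ConnSSL_SetVerifyProperties_openssl(), i.e. after the `if (!Conf_SSLOptions.CAFile)` guard in the earlier hunk of this function, whereas the call removed from ConnSSL_InitLibrary() in the first hunk ran unconditionally. If that guard leaves the function before this point (its body is outside the hunks), a context built without a CAFile keeps OpenSSL's default verify mode and never installs Verify_openssl, so peers are no longer asked for a certificate in that configuration — which would contradict the "No functional changes" statement in the description; please confirm what the guard does. If the old behaviour is intended for every configuration, hoist the two new lines `SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE, Verify_openssl);` to directly after the local declarations, before the CAFile check, and keep only SSL_CTX_set_verify_depth() here. Either way a one-line comment such as `/* Always request a peer certificate; Verify_openssl decides whether a missing or bad one is fatal. */` above the call would document the contract. ConnSSL_SetVerifyProperties_openssl() continues past `out:` outside the hunk.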