Change default to SSL_PEER_NONE (don't require peer certificate).

author Kurt Zeilenga <kurt@openldap.org>

Fri, 1 Sep 2000 23:24:17 +0000 (23:24 +0000)

committer Kurt Zeilenga <kurt@openldap.org>

Fri, 1 Sep 2000 23:24:17 +0000 (23:24 +0000)
author Kurt Zeilenga <kurt@openldap.org>
Fri, 1 Sep 2000 23:24:17 +0000 (23:24 +0000)
committer Kurt Zeilenga <kurt@openldap.org>
Fri, 1 Sep 2000 23:24:17 +0000 (23:24 +0000)
diff --git a/libraries/libldap/tls.c b/libraries/libldap/tls.c

index 4f64d783fd78525404c8a8b7617c8f17e0992047..f06c466266c07978c665caf917cd50acca73e44d 100644 (file)
--- a/libraries/libldap/tls.c
+++ b/libraries/libldap/tls.c
@@ -199,9 +199,11 @@ ldap_pvt_tls_init_def_ctx( void )
                 if ( tls_opt_trace ) {
                         SSL_CTX_set_info_callback( tls_def_ctx, tls_info_cb );
                 }
-               SSL_CTX_set_verify( tls_def_ctx, (tls_opt_require_cert) ?
+               SSL_CTX_set_verify( tls_def_ctx,
+                       tls_opt_require_cert ?
                         (SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT) :
-                       SSL_VERIFY_PEER, tls_verify_cb );
+                       SSL_VERIFY_NONE,
+                       tls_verify_cb );
                 SSL_CTX_set_tmp_rsa_callback( tls_def_ctx, tls_tmp_rsa_cb );
                 /* SSL_CTX_set_tmp_dh_callback( tls_def_ctx, tls_tmp_dh_cb ); */
         }
author	Kurt Zeilenga <kurt@openldap.org>
	Fri, 1 Sep 2000 23:24:17 +0000 (23:24 +0000)
committer	Kurt Zeilenga <kurt@openldap.org>
	Fri, 1 Sep 2000 23:24:17 +0000 (23:24 +0000)