From: Kurt Zeilenga
Date: Fri, 1 Sep 2000 23:24:17 +0000 (+0000)
Subject: Change default to SSL_PEER_NONE (don't require peer certificate).
X-Git-Tag: LDBM_PRE_GIANT_RWLOCK~2120
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=5518aefda0c0f46475258e143a8df84c7262d7a1;p=openldap
Change default to SSL_PEER_NONE (don't require peer certificate).
---
diff --git a/libraries/libldap/tls.c b/libraries/libldap/tls.c
index 4f64d783fd..f06c466266 100644
--- a/libraries/libldap/tls.c
+++ b/libraries/libldap/tls.c
@@ -199,9 +199,11 @@ ldap_pvt_tls_init_def_ctx( void )
 if ( tls_opt_trace ) {
 SSL_CTX_set_info_callback( tls_def_ctx, tls_info_cb );
 }
- SSL_CTX_set_verify( tls_def_ctx, (tls_opt_require_cert) ?
+ SSL_CTX_set_verify( tls_def_ctx,
+ tls_opt_require_cert ?
 (SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT) :
- SSL_VERIFY_PEER, tls_verify_cb );
+ SSL_VERIFY_NONE,
+ tls_verify_cb );
 SSL_CTX_set_tmp_rsa_callback( tls_def_ctx, tls_tmp_rsa_cb );
 /* SSL_CTX_set_tmp_dh_callback( tls_def_ctx, tls_tmp_dh_cb ); */
 }
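Review bot: With `tls_opt_require_cert` unset, the `SSL_VERIFY_NONE` branch of the `SSL_CTX_set_verify` call lets the handshake complete whatever the verification outcome, so the return value of `tls_verify_cb` no longer stops a connection, and a client side using this default context would accept a server certificate that fails verification. Nothing in the hunk shows the result being checked afterwards; if that is not done elsewhere, the connection code should test `SSL_get_verify_result( ssl ) != X509_V_OK` once the handshake finishes, or the client and server defaults should be separated so that only the server side relaxes to "no peer certificate". At minimum the call deserves a comment above it, for example `/* SSL_VERIFY_NONE: peer certificate is not enforced; set require_cert to authenticate the peer */`. `ldap_pvt_tls_init_def_ctx` starts before and continues past this hunk, so this is based only on the visible lines.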