OpenVPN/openvpn
1
0
Fork 0
mirror of https://github.com/OpenVPN/openvpn.git synced 2025-05-09 21:51:05 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix the --client-cert-not-required feature

Browse Source 
Commit 2e8337de248ef0b5b48cbb2964da0d5c3f28b15b introduced a new
feature for using other SSL certificate fields for authentication
than the CN field.

This commit introduced a bug, which made the verify_callback()
function getting called even if --client-cert-not-required was
enabled in the config.

The reason for this was that an 'else' statement was lacking a
couple of curly braces.  The offending commit in reality moved
the setup of the verify_callback() function out of the 'else'
statement.

Report-URL: https://community.openvpn.net/openvpn/ticket/108
Report-URL: https://forums.openvpn.net/topic7751.html
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Jan Just Keijser <janjust@nikhef.nl>
(cherry picked from commit 008a18e772bf1854f9a2102bef4b3d5b0a08a66b)
This commit is contained in:
David Sommerseth 2011-03-30 14:14:21 +02:00
parent 53aa737dd1
commit 272aef2f0f
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ssl.c
View File

@ -1874,6 +1874,7 @@ init_ssl (const struct options *options)
} }
else else
#endif #endif
{
#ifdef ENABLE_X509ALTUSERNAME #ifdef ENABLE_X509ALTUSERNAME
x509_username_field = (char *) options->x509_username_field; x509_username_field = (char *) options->x509_username_field;
#else #else
@ -1881,6 +1882,7 @@ init_ssl (const struct options *options)
#endif #endif
SSL_CTX_set_verify (ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, SSL_CTX_set_verify (ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
verify_callback); verify_callback);
}
/* Connection information callback */ /* Connection information callback */
SSL_CTX_set_info_callback (ctx, info_callback); SSL_CTX_set_info_callback (ctx, info_callback);