aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlessandro Ghedini <alessandro@ghedini.me>2015-08-21 14:50:45 +0200
committerDaniel Stenberg <daniel@haxx.se>2015-08-21 15:32:51 +0200
commit8363656cb4e0c60a11d8531ead0ec43120b50591 (patch)
tree3837aedd021d01b7a3d6acb91091f10afc4db6a1
parent38ef1b3e7f69e84b56dde28baca046a067dc0efb (diff)
openssl: handle lack of server cert when strict checking disabled
If strict certificate checking is disabled (CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST are disabled) do not fail if the server doesn't present a certificate at all. Closes #392
-rw-r--r--lib/vtls/openssl.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 90e4c2b32..8600c6184 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -2644,8 +2644,10 @@ static CURLcode servercert(struct connectdata *conn,
connssl->server_cert = SSL_get_peer_certificate(connssl->handle);
if(!connssl->server_cert) {
- if(strict)
- failf(data, "SSL: couldn't get peer certificate!");
+ if(!strict)
+ return CURLE_OK;
+
+ failf(data, "SSL: couldn't get peer certificate!");
return CURLE_PEER_FAILED_VERIFICATION;
}