diff options
| author | Alessandro Ghedini <alessandro@ghedini.me> | 2015-08-21 14:50:45 +0200 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2015-08-21 15:32:51 +0200 |
| commit | 8363656cb4e0c60a11d8531ead0ec43120b50591 (patch) | |
| tree | 3837aedd021d01b7a3d6acb91091f10afc4db6a1 | |
| parent | 38ef1b3e7f69e84b56dde28baca046a067dc0efb (diff) | |
openssl: handle lack of server cert when strict checking disabled
If strict certificate checking is disabled (CURLOPT_SSL_VERIFYPEER
and CURLOPT_SSL_VERIFYHOST are disabled) do not fail if the server
doesn't present a certificate at all.
Closes #392
| -rw-r--r-- | lib/vtls/openssl.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index 90e4c2b32..8600c6184 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -2644,8 +2644,10 @@ static CURLcode servercert(struct connectdata *conn, connssl->server_cert = SSL_get_peer_certificate(connssl->handle); if(!connssl->server_cert) { - if(strict) - failf(data, "SSL: couldn't get peer certificate!"); + if(!strict) + return CURLE_OK; + + failf(data, "SSL: couldn't get peer certificate!"); return CURLE_PEER_FAILED_VERIFICATION; } |