From 8363656cb4e0c60a11d8531ead0ec43120b50591 Mon Sep 17 00:00:00 2001
From: Alessandro Ghedini <alessandro@ghedini.me>
Date: Fri, 21 Aug 2015 14:50:45 +0200
Subject: openssl: handle lack of server cert when strict checking disabled

If strict certificate checking is disabled (CURLOPT_SSL_VERIFYPEER
and CURLOPT_SSL_VERIFYHOST are disabled) do not fail if the server
doesn't present a certificate at all.

Closes #392
---
 lib/vtls/openssl.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'lib/vtls/openssl.c')

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 90e4c2b32..8600c6184 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -2644,8 +2644,10 @@ static CURLcode servercert(struct connectdata *conn,
 
   connssl->server_cert = SSL_get_peer_certificate(connssl->handle);
   if(!connssl->server_cert) {
-    if(strict)
-      failf(data, "SSL: couldn't get peer certificate!");
+    if(!strict)
+      return CURLE_OK;
+
+    failf(data, "SSL: couldn't get peer certificate!");
     return CURLE_PEER_FAILED_VERIFICATION;
   }
 
-- 
cgit v1.2.3