tls: SSL_set_verify is used in the session alloc functions, so we don't need to call...
authorArran Cudbard-Bell <a.cudbardb@freeradius.org>
Mon, 12 Jun 2023 17:57:32 +0000 (13:57 -0400)
committerArran Cudbard-Bell <a.cudbardb@freeradius.org>
Mon, 12 Jun 2023 17:58:16 +0000 (13:58 -0400)
src/lib/tls/ctx.c

index 6dea0304cf276ab2e5c2aaa61d979997cd52fba5..b253f419a9753345927808a4adf339f88d643d22 100644 (file)
@@ -979,14 +979,11 @@ post_ca:
 #endif
 
        /*
-        *      Set verify modes
-        *      Always verify the peer certificate
+        *      SSL_ctx_set_verify is now called in the session
+        *      alloc functions so they can set custom behaviour
+        *      depending on the code area the SSL * will be used
+        *      and whether we're acting as a client or server.
         */
-       verify_mode |= SSL_VERIFY_PEER;
-       verify_mode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
-       verify_mode |= SSL_VERIFY_CLIENT_ONCE;
-       SSL_CTX_set_verify(ctx, verify_mode, fr_tls_verify_cert_cb);
-
        if (conf->verify_depth) {
                SSL_CTX_set_verify_depth(ctx, conf->verify_depth);
        }
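Review bot: With the `SSL_CTX_set_verify()` call removed, this hunk leaves the context at OpenSSL's default verify mode (`SSL_VERIFY_NONE`) unless it is set elsewhere, so any `SSL *` created from it without going through the session alloc functions would not enforce peer certificate verification. Those alloc functions are not visible here, so it cannot be confirmed that every creation path uses them. Keeping a fail-closed default such as `SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, fr_tls_verify_cert_cb);` and letting the alloc functions override it per session would avoid depending on that. The new comment also names `SSL_ctx_set_verify`, while the commit title says the per-session call is `SSL_set_verify`; it should read `SSL_set_verify is now called in the session alloc functions ...`. The enclosing function starts and ends outside the hunk, so check whether `verify_mode` still has any use there, since its declaration may now be dead.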