From: Arran Cudbard-Bell <a.cudbardb@freeradius.org>
Date: Thu, 4 Jun 2015 17:17:36 +0000 (-0600)
Subject: More duplicate code (tls_new_session also sets client cert verification flags)
X-Git-Tag: release_3_0_9~268
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2f1dde1406026b5265407e986c087f6a62780432;p=thirdparty%2Ffreeradius-server.git

More duplicate code (tls_new_session also sets client cert verification flags)
---

diff --git a/src/modules/rlm_eap/libeap/eap_tls.c b/src/modules/rlm_eap/libeap/eap_tls.c
index 251703e1fa5..83d34f11bd3 100644
--- a/src/modules/rlm_eap/libeap/eap_tls.c
+++ b/src/modules/rlm_eap/libeap/eap_tls.c
@@ -81,17 +81,6 @@ tls_session_t *eaptls_session(eap_handler_t *handler, fr_tls_server_conf_t *tls_
 		return NULL;
 	}
 
-	/*
-	 *	Verify the peer certificate, if asked.
-	 */
-	if (client_cert) {
-		RDEBUG2("Requiring client certificate");
-		verify_mode = SSL_VERIFY_PEER;
-		verify_mode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
-		verify_mode |= SSL_VERIFY_CLIENT_ONCE;
-	}
-	SSL_set_verify(ssn->ssl, verify_mode, cbtls_verify);
-
 	/*
 	 *	Create a structure for all the items required to be
 	 *	verified for each client and set that as opaque data