equal
deleted
inserted
replaced
381 cert_file = "/etc/ssl/cert.pem"; |
381 cert_file = "/etc/ssl/cert.pem"; |
382 if (!SSL_CTX_load_verify_locations(ssl->ssl_ctx, |
382 if (!SSL_CTX_load_verify_locations(ssl->ssl_ctx, |
383 cert_file, "/etc/ssl/certs")) { |
383 cert_file, "/etc/ssl/certs")) { |
384 g_warning("SSL_CTX_load_verify_locations() failed"); |
384 g_warning("SSL_CTX_load_verify_locations() failed"); |
385 }*/ |
385 }*/ |
386 SSL_CTX_set_default_verify_paths (ssl->ssl_ctx); |
|
387 SSL_CTX_set_verify (ssl->ssl_ctx, SSL_VERIFY_PEER, ssl_verify_cb); |
386 SSL_CTX_set_verify (ssl->ssl_ctx, SSL_VERIFY_PEER, ssl_verify_cb); |
388 } |
387 } |
389 |
388 |
390 gboolean |
389 gboolean |
391 _lm_ssl_set_ca (LmSSL *ssl, |
390 _lm_ssl_set_ca (LmSSL *ssl, |
434 if (base->cipher_list) { |
433 if (base->cipher_list) { |
435 SSL_CTX_set_cipher_list(ssl->ssl_ctx, base->cipher_list); |
434 SSL_CTX_set_cipher_list(ssl->ssl_ctx, base->cipher_list); |
436 } |
435 } |
437 if (base->ca_path) { |
436 if (base->ca_path) { |
438 _lm_ssl_set_ca (ssl, base->ca_path); |
437 _lm_ssl_set_ca (ssl, base->ca_path); |
|
438 } else { |
|
439 SSL_CTX_set_default_verify_paths (ssl->ssl_ctx); |
439 } |
440 } |
440 |
441 |
441 ssl->ssl = SSL_new(ssl->ssl_ctx); |
442 ssl->ssl = SSL_new(ssl->ssl_ctx); |
442 if (ssl->ssl == NULL) { |
443 if (ssl->ssl == NULL) { |
443 g_log (LM_LOG_DOMAIN, LM_LOG_LEVEL_SSL, "SSL_new() == NULL"); |
444 g_log (LM_LOG_DOMAIN, LM_LOG_LEVEL_SSL, "SSL_new() == NULL"); |