Diffstat (limited to 'src/ne_openssl.c')
-rw-r--r--src/ne_openssl.c13
1 files changed, 3 insertions, 10 deletions
diff --git a/src/ne_openssl.c b/src/ne_openssl.c
index f8350fa..b2bad39 100644
--- a/src/ne_openssl.c
+++ b/src/ne_openssl.c
@@ -728,17 +728,10 @@ int ne__negotiate_ssl(ne_session *sess)
return NE_ERROR;
}
- if (sess->server_cert) {
- int diff = X509_cmp(sk_X509_value(chain, 0), sess->server_cert->subject);
+ if (sess->server_cert
+ && X509_cmp(sk_X509_value(chain, 0), sess->server_cert->subject) == 0) {
+ /* Same leaf cert used as last time - no need to reverify. */
if (freechain) sk_X509_free(chain); /* no longer need the chain */
- if (diff) {
- /* This could be a MITM attack: fail the request. */
- ne_set_error(sess, _("Server certificate changed: "
- "connection intercepted?"));
- return NE_ERROR;
- }
- /* certificate has already passed verification: no need to
- * verify it again. */
} else {
/* new connection: create the chain. */
ne_ssl_certificate *cert = make_chain(chain);
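Review bot: With the mismatch branch removed, a leaf certificate that differs from `sess->server_cert` now falls silently into the `else` path, so a certificate swapped mid-session is only caught by whatever verification that path performs. Its body continues outside the hunk, so confirm it runs the full check again, including any user verification callback, and does not rely on an acceptance given for the earlier certificate. If that path then assigns a new `sess->server_cert`, the previous one presumably needs `ne_ssl_cert_free()` first, otherwise it leaks on every change. I would also record the event in that branch, e.g. `NE_DEBUG(NE_DBG_SSL, "ssl: Server certificate changed, re-verifying.\n");`, and widen the `/* new connection: create the chain. */` comment to say it now also handles a changed certificate.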