Diffstat (limited to 'src/ne_openssl.c')
-rw-r--r-- | src/ne_openssl.c | 13 |
1 files changed, 3 insertions, 10 deletions
diff --git a/src/ne_openssl.c b/src/ne_openssl.c
index f8350fa..b2bad39 100644
--- a/src/ne_openssl.c
+++ b/src/ne_openssl.c
@@ -728,17 +728,10 @@ int ne__negotiate_ssl(ne_session *sess)
 return NE_ERROR;
 }
- if (sess->server_cert) {
- int diff = X509_cmp(sk_X509_value(chain, 0), sess->server_cert->subject);
+ if (sess->server_cert
+ && X509_cmp(sk_X509_value(chain, 0), sess->server_cert->subject) == 0) {
+ /* Same leaf cert used as last time - no need to reverify. */
 if (freechain) sk_X509_free(chain); /* no longer need the chain */
- if (diff) {
- /* This could be a MITM attack: fail the request. */
- ne_set_error(sess, _("Server certificate changed: "
- "connection intercepted?"));
- return NE_ERROR;
- }
- /* certificate has already passed verification: no need to
- * verify it again. */
 } else {
 /* new connection: create the chain. */
 ne_ssl_certificate *cert = make_chain(chain); |
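Review bot: The `else` branch can now be entered while `sess->server_cert` still holds the previous connection's certificate, because a leaf mismatch falls through to it instead of returning `NE_ERROR`. The rest of that branch lies outside the hunk, so it is worth confirming that the old object is released (for example with `ne_ssl_cert_free(sess->server_cert);`) before the newly verified chain is stored; otherwise each certificate change would presumably leak the earlier chain. The comment `/* new connection: create the chain. */` is also stale now, and something like `/* first connection, or leaf cert changed: build and fully verify the new chain. */` would record that a changed certificate is no longer rejected outright and that its safety rests entirely on the full verification in this branch.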