author | Ryan Dahl <ry@tinyclouds.org> | 2010-12-03 17:07:09 -0800 |
---|---|---|
committer | Ryan Dahl <ry@tinyclouds.org> | 2010-12-05 18:13:20 -0800 |
commit | 5bca100afef1e4b7c88932a855a7129c58f2dd31 (patch) | |
tree | 275a2011338453287501be33c50256c94c2a295e /src | |
parent | 093dfaf801a10905ba27df8cf3aa17b36ea5149a (diff) | |
download | node-new-5bca100afef1e4b7c88932a855a7129c58f2dd31.tar.gz |
Server must not request cert.
Diffstat (limited to 'src')
-rw-r--r-- | src/node_crypto.cc | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/src/node_crypto.cc b/src/node_crypto.cc index b7bc8f3efd..3db4e89ef2 100644 --- a/src/node_crypto.cc +++ b/src/node_crypto.cc @@ -389,8 +389,26 @@ Handle<Value> SecureStream::New(const Arguments& args) { SSL_set_mode(p->ssl_, mode | SSL_MODE_RELEASE_BUFFERS); #endif + + int verify_mode; + if (is_server) { + bool request_cert = args[2]->BooleanValue(); + if (!request_cert) { + // Note reject_unauthorized ignored. + verify_mode = SSL_VERIFY_NONE; + } else { + bool reject_unauthorized = args[3]->BooleanValue(); + verify_mode = SSL_VERIFY_PEER; + if (reject_unauthorized) verify_mode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT; + } + } else { + // Note request_cert and reject_unauthorized are ignored for clients. + verify_mode = SSL_VERIFY_NONE; + } + + // Always allow a connection. We'll reject in javascript. - SSL_set_verify(p->ssl_, SSL_VERIFY_PEER, VerifyCallback); + SSL_set_verify(p->ssl_, verify_mode, VerifyCallback); if ((p->is_server_ = is_server)) { SSL_set_accept_state(p->ssl_); |
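Review bot: In the client branch (`} else {` … `verify_mode = SSL_VERIFY_NONE;`) the handshake can never fail on a bad server certificate, and `reject_unauthorized` is dropped without any signal to the caller. Server authentication therefore rests entirely on a check made after the handshake in JavaScript, which this hunk does not show. The server branch is only partly stricter: `SSL_VERIFY_FAIL_IF_NO_PEER_CERT` rejects a client that sends no certificate, but if `VerifyCallback` accepts every chain (the retained comment suggests it does; its body is not visible here) an untrusted certificate still completes the handshake. The comment `// Always allow a connection. We'll reject in javascript.` is also no longer accurate once that flag is set; I would replace it with `// OpenSSL only aborts when a required client cert is missing; chain validity must be checked by the caller after the handshake.` and state the same requirement in the client branch. The body of `SecureStream::New` starts and ends outside the hunk.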