From b1252f837f7ed06a0c0a29006533a684a2b96b7a Mon Sep 17 00:00:00 2001
From: Alexey Shchepin <alexey@process-one.net>
Date: Mon, 5 Jan 2009 17:21:10 +0000
Subject: * src/tls/tls_drv.c: Added a flag to avoid certificate validation *
 src/tls/tls.erl: Likewise * src/ejabberd_c2s.erl: Likewise

SVN Revision: 1774
---
 src/tls/tls_drv.c | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'src/tls/tls_drv.c')

diff --git a/src/tls/tls_drv.c b/src/tls/tls_drv.c
index b90cab87..2f8e5615 100644
--- a/src/tls/tls_drv.c
+++ b/src/tls/tls_drv.c
@@ -272,6 +272,7 @@ static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
 #define GET_DECRYPTED_INPUT  6
 #define GET_PEER_CERTIFICATE 7
 #define GET_VERIFY_RESULT    8
+#define VERIFY_NONE 0x10000
 
 
 #define die_unless(cond, errstr)				\
@@ -312,6 +313,9 @@ static int tls_drv_control(ErlDrvData handle,
    int size;
    ErlDrvBinary *b;
    X509 *cert;
+   unsigned int flags = command;
+
+   command &= 0xffff;
 
    ERR_clear_error();
    switch (command)
@@ -354,6 +358,9 @@ static int tls_drv_control(ErlDrvData handle,
 	 d->ssl = SSL_new(ssl_ctx);
 	 die_unless(d->ssl, "SSL_new failed");
 
+	 if (flags & VERIFY_NONE)
+	    SSL_set_verify(d->ssl, SSL_VERIFY_NONE, verify_callback);
+
 	 d->bio_read = BIO_new(BIO_s_mem());
 	 d->bio_write = BIO_new(BIO_s_mem());
 
-- 
cgit v1.2.3