diff options
Diffstat (limited to 'src/lib/libtls/tls_server.c')
| -rw-r--r-- | src/lib/libtls/tls_server.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/src/lib/libtls/tls_server.c b/src/lib/libtls/tls_server.c index 190682e630..6f8daa0aca 100644 --- a/src/lib/libtls/tls_server.c +++ b/src/lib/libtls/tls_server.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls_server.c,v 1.11 2015/09/09 14:32:06 jsing Exp $ */ | 1 | /* $OpenBSD: tls_server.c,v 1.12 2015/09/09 19:23:04 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -60,8 +60,15 @@ tls_configure_server(struct tls *ctx) | |||
| 60 | 60 | ||
| 61 | if (tls_configure_ssl(ctx) != 0) | 61 | if (tls_configure_ssl(ctx) != 0) |
| 62 | goto err; | 62 | goto err; |
| 63 | if (tls_configure_keypair(ctx) != 0) | 63 | if (tls_configure_keypair(ctx, 1) != 0) |
| 64 | goto err; | 64 | goto err; |
| 65 | if (ctx->config->verify_client != 0) { | ||
| 66 | int verify = SSL_VERIFY_PEER; | ||
| 67 | if (ctx->config->verify_client == 1) | ||
| 68 | verify |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT; | ||
| 69 | if (tls_configure_ssl_verify(ctx, verify) == -1) | ||
| 70 | goto err; | ||
| 71 | } | ||
| 65 | 72 | ||
| 66 | if (ctx->config->dheparams == -1) | 73 | if (ctx->config->dheparams == -1) |
| 67 | SSL_CTX_set_dh_auto(ctx->ssl_ctx, 1); | 74 | SSL_CTX_set_dh_auto(ctx->ssl_ctx, 1); |