Commit aa7c2753 authored by Steven Fackler's avatar Steven Fackler

Make sure to override SslContext verify callback always

The 1.0.1 code has to override this to set up hostname validation, and
we don't want behavior to silently change depending on the OpenSSL version
you're building against.
parent 91372399
+3 −1
@@ -255,7 +255,9 @@ impl SslAcceptor {

#[cfg(any(ossl102, ossl110))]
fn setup_verify(ssl: &mut Ssl, domain: &str) -> Result<(), ErrorStack> {
    ssl.set_verify(SSL_VERIFY_PEER);
    // pass a noop closure in here to ensure that we consistently override any callback on the
    // context
    ssl.set_verify_callback(SSL_VERIFY_PEER, |p, _| p);
    let param = ssl._param_mut();
    param.set_hostflags(::verify::X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
    param.set_host(domain)
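Review bot: The comment above the added `ssl.set_verify_callback(SSL_VERIFY_PEER, |p, _| p);` says that the context callback is overridden, but it leaves out two things a later editor needs to know. First, the closure has to return the preverify result `p` unchanged, because returning `true` would accept chains that OpenSSL has already rejected. Second, any verify callback the caller installed on the `SslContext`, such as an additional pinning check, no longer runs for this connection. I would expand the comment to something like `// no-op callback: passes OpenSSL's preverify result through untouched; it replaces any callback set on the context so behaviour matches the 1.0.1 path`, and presumably the connector's public docs should mention that context-level callbacks are discarded. The body of `setup_verify` continues past the end of the hunk.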