* src/tls/tls_drv.c: Added a flag to avoid certificate validation
authorAlexey Shchepin <alexey@process-one.net>
Mon, 5 Jan 2009 17:21:10 +0000 (17:21 +0000)
committerAlexey Shchepin <alexey@process-one.net>
Mon, 5 Jan 2009 17:21:10 +0000 (17:21 +0000)
* src/tls/tls.erl: Likewise
* src/ejabberd_c2s.erl: Likewise

SVN Revision: 1774

ChangeLog
src/ejabberd_c2s.erl
src/tls/tls.erl
src/tls/tls_drv.c

index 30f57fbba1c9cd41e79518837cad41044e2ca3b1..b92d9d54b7f548bba59f5e457ec9bb9627d75cc6 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2009-01-05  Alexey Shchepin  <alexey@process-one.net>
+
+       * src/tls/tls_drv.c: Added a flag to avoid certificate validation
+       * src/tls/tls.erl: Likewise
+       * src/ejabberd_c2s.erl: Likewise
+
 2009-01-03  Badlop  <badlop@process-one.net>
 
        * src/*.erl: Fix EDoc comments
index 3ad6085d3009af14f7463ae763a7612f64782be8..d900f3bf4cc930573e3cc4fdfa77321f08be1b2c 100644 (file)
@@ -176,9 +176,11 @@ init([{SockMod, Socket}, Opts]) ->
     StartTLSRequired = lists:member(starttls_required, Opts),
     TLSEnabled = lists:member(tls, Opts),
     TLS = StartTLS orelse StartTLSRequired orelse TLSEnabled,
-    TLSOpts = lists:filter(fun({certfile, _}) -> true;
-                             (_) -> false
-                          end, Opts),
+    TLSOpts1 =
+       lists:filter(fun({certfile, _}) -> true;
+                       (_) -> false
+                    end, Opts),
+    TLSOpts = [verify_none | TLSOpts1],
     Zlib = lists:member(zlib, Opts) andalso (not StartTLSRequired),
     IP = peerip(SockMod, Socket),
     %% Check if IP is blacklisted:
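Review bot: `TLSOpts = [verify_none | TLSOpts1]` switches off peer-certificate verification for every c2s TLS session unconditionally, with no way for a deployment to opt back in and no comment recording why; presumably the intent is that c2s clients are never required to present a certificate, but that is not stated anywhere in the hunk. A one-line comment above the new binding would settle it: `%% c2s clients are not required to present certificates, so peer verification is disabled.` If verification is ever wanted (e.g. a future client-certificate option), the flag should be derived from `Opts` rather than hard-coded. As a matter of style, the `TLSOpts1` filter reads more directly as a comprehension, `TLSOpts = [verify_none | [Opt || {certfile, _} = Opt <- Opts]]`. The enclosing `init/1` clause starts before and continues after the hunk.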
index 72897cf085cae858435736547963d6c543784901..7281fd475eb1ea66210b330c89d73d0612409943 100644 (file)
@@ -59,6 +59,7 @@
 -define(GET_DECRYPTED_INPUT,  6).
 -define(GET_PEER_CERTIFICATE, 7).
 -define(GET_VERIFY_RESULT,    8).
+-define(VERIFY_NONE, 16#10000).
 
 -record(tlssock, {tcpsock, tlsport}).
 
@@ -120,13 +121,20 @@ tcp_to_tls(TCPSocket, Options) ->
                {error, already_loaded} -> ok
            end,
            Port = open_port({spawn, tls_drv}, [binary]),
+           Flags =
+               case lists:member(verify_none, Options) of
+                   true ->
+                       ?VERIFY_NONE;
+                   false ->
+                       0
+               end,
            Command = case lists:member(connect, Options) of
                          true ->
                              ?SET_CERTIFICATE_FILE_CONNECT;
                          false ->
                              ?SET_CERTIFICATE_FILE_ACCEPT
                      end,
-           case port_control(Port, Command, CertFile ++ [0]) of
+           case port_control(Port, Command bor Flags, CertFile ++ [0]) of
                <<0>> ->
                    {ok, #tlssock{tcpsock = TCPSocket, tlsport = Port}};
                <<1, Error/binary>> ->
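Review bot: `Command bor Flags` on the last changed line packs the new flag into the upper half of the `port_control` command word, which only works because every `?SET_*`/`?GET_*` value stays below 16#10000 and the driver masks the low 16 bits; nothing on the Erlang side records that contract, and the macro value must also stay identical to `VERIFY_NONE` in tls_drv.c. Suggest a comment on the new define in the first hunk: `%% Flag OR-ed into the port_control command word: bits 0-15 are the operation, bits 16+ are flags; must match tls_drv.c.` Without it, a later command constant reaching 16#10000 would be silently misread as a flag. The `tcp_to_tls/2` body starts before and continues after this hunk.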
index b90cab87c6d6cc66012242461fb0b8153302eb64..2f8e56150cac448456e08252fbdfd58cba346db1 100644 (file)
@@ -272,6 +272,7 @@ static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
 #define GET_DECRYPTED_INPUT  6
 #define GET_PEER_CERTIFICATE 7
 #define GET_VERIFY_RESULT    8
+#define VERIFY_NONE 0x10000
 
 
 #define die_unless(cond, errstr)                               \
@@ -312,6 +313,9 @@ static int tls_drv_control(ErlDrvData handle,
    int size;
    ErlDrvBinary *b;
    X509 *cert;
+   unsigned int flags = command;
+
+   command &= 0xffff;
 
    ERR_clear_error();
    switch (command)
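Review bot: `unsigned int flags = command;` keeps the operation bits as well as the flag bits, so any future `flags & X` test with a constant below 0x10000 would match the command number rather than a flag; `unsigned int flags = command & ~0xffffu;` makes the split explicit and defensive. The masking also deserves a comment, since the layout is otherwise only implied by the 0x10000 value of `VERIFY_NONE`: `/* low 16 bits: operation; bits 16+: flags such as VERIFY_NONE (see tls.erl) */`. From the later hunk it appears flags are only consulted in the certificate-file path, so a flag sent with any other command is ignored without error — worth stating in that comment if intended. `tls_drv_control` starts before and continues after this hunk.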
@@ -354,6 +358,9 @@ static int tls_drv_control(ErlDrvData handle,
         d->ssl = SSL_new(ssl_ctx);
         die_unless(d->ssl, "SSL_new failed");
 
+        if (flags & VERIFY_NONE)
+           SSL_set_verify(d->ssl, SSL_VERIFY_NONE, verify_callback);
+
         d->bio_read = BIO_new(BIO_s_mem());
         d->bio_write = BIO_new(BIO_s_mem());