authorPhilipp Hancke <philipp.hancke@googlemail.com>2021-06-16 10:26:56 +0200
committerWebRTC LUCI CQ <webrtc-scoped@luci-project-accounts.iam.gserviceaccount.com>2021-06-20 15:14:17 +0000
commitae278d47da3a5ebaf8833df4e11d3b35fdcabe86 (patch)
tree803482228e29c8994bba0647c73fc75de014e24d
parentfbe995874fcf13f3c0adbb8f37fe95a8e541c9c3 (diff)
openssl_adapter: document SSL_CTX_set_verify_depth behaviour
document the reason for the depth setting in the code. BUG=None Change-Id: Ia761833ff1cc6fb6cc2768d408e26fe87ded57ac Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/222605 Reviewed-by: Taylor Brandstetter <deadbeef@webrtc.org> Reviewed-by: Harald Alvestrand <hta@webrtc.org> Commit-Queue: Harald Alvestrand <hta@webrtc.org> Cr-Commit-Position: refs/heads/master@{#34336}
-rw-r--r--rtc_base/openssl_adapter.cc3
1 files changed, 3 insertions, 0 deletions
diff --git a/rtc_base/openssl_adapter.cc b/rtc_base/openssl_adapter.cc
index e5c2c42761..563fe0f9d9 100644
--- a/rtc_base/openssl_adapter.cc
+++ b/rtc_base/openssl_adapter.cc
@@ -981,6 +981,9 @@ SSL_CTX* OpenSSLAdapter::CreateContext(SSLMode mode, bool enable_cache) {
SSL_CTX_set_custom_verify(ctx, SSL_VERIFY_PEER, SSLVerifyCallback);
#else
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, SSLVerifyCallback);
+ // Verify certificate chains up to a depth of 4. This is not
+ // needed for DTLS-SRTP which uses self-signed certificates
+ // (so the depth is 0) but is required to support TURN/TLS.
SSL_CTX_set_verify_depth(ctx, 4);
#endif
// Use defaults, but disable HMAC-SHA256 and HMAC-SHA384 ciphers
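Review bot: The added comment above `SSL_CTX_set_verify_depth(ctx, 4)` does not say what the 4 counts, which is the detail someone needs when a TURN/TLS server chain fails to verify. In OpenSSL 1.1.0 and later the limit counts intermediate CA certificates only (the leaf and the trust anchor are excluded), and older releases counted differently, so I would state it explicitly, e.g. `// Allow at most 4 intermediate CAs between the TURN/TLS server certificate and the trust anchor; longer chains fail verification.` The call sits only in the `#else` branch, so the comment could also note that the `SSL_CTX_set_custom_verify` branch does not get a depth limit from this line and, presumably, relies on the callback's own chain checks. `CreateContext` starts and ends outside the hunk, so the preprocessor condition selecting the branch is not visible here.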