diff options
author | tkchin@webrtc.org <tkchin@webrtc.org> | 2014-09-23 05:56:44 +0000 |
---|---|---|
committer | tkchin@webrtc.org <tkchin@webrtc.org> | 2014-09-23 05:56:44 +0000 |
commit | c569a49a3dafdb5017961736c7715624dd059240 (patch) | |
tree | c543d4c7e7b609a667a2f5c77fe7658d25728621 /webrtc/base/opensslstreamadapter.cc | |
parent | dc0b37dcb1a5ed242bef1c1032abaa73e0872f13 (diff) | |
download | webrtc-c569a49a3dafdb5017961736c7715624dd059240.tar.gz |
Unit tests for SSLAdapter
R=juberti@webrtc.org
Review URL: https://webrtc-codereview.appspot.com/17309004
Patch from Manish Jethani <manish.jethani@gmail.com>.
git-svn-id: http://webrtc.googlecode.com/svn/trunk@7269 4adac7df-926f-26a2-2b94-8c16560cd09d
Diffstat (limited to 'webrtc/base/opensslstreamadapter.cc')
-rw-r--r-- | webrtc/base/opensslstreamadapter.cc | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/webrtc/base/opensslstreamadapter.cc b/webrtc/base/opensslstreamadapter.cc index ed5ac74068..070a948b14 100644 --- a/webrtc/base/opensslstreamadapter.cc +++ b/webrtc/base/opensslstreamadapter.cc @@ -743,8 +743,15 @@ SSL_CTX* OpenSSLStreamAdapter::SetupSSLContext() { SSL_CTX_set_info_callback(ctx, OpenSSLAdapter::SSLInfoCallback); #endif - SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER |SSL_VERIFY_FAIL_IF_NO_PEER_CERT, - SSLVerifyCallback); + int mode = SSL_VERIFY_PEER; + if (client_auth_enabled()) { + // Require a certificate from the client. + // Note: Normally this is always true in production, but it may be disabled + // for testing purposes (e.g. SSLAdapter unit tests). + mode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT; + } + + SSL_CTX_set_verify(ctx, mode, SSLVerifyCallback); SSL_CTX_set_verify_depth(ctx, 4); SSL_CTX_set_cipher_list(ctx, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"); |