aboutsummaryrefslogtreecommitdiff
path: root/webrtc/base/opensslstreamadapter.cc
diff options
context:
space:
mode:
authortkchin@webrtc.org <tkchin@webrtc.org>2014-09-23 05:56:44 +0000
committertkchin@webrtc.org <tkchin@webrtc.org>2014-09-23 05:56:44 +0000
commitc569a49a3dafdb5017961736c7715624dd059240 (patch)
treec543d4c7e7b609a667a2f5c77fe7658d25728621 /webrtc/base/opensslstreamadapter.cc
parentdc0b37dcb1a5ed242bef1c1032abaa73e0872f13 (diff)
downloadwebrtc-c569a49a3dafdb5017961736c7715624dd059240.tar.gz
Unit tests for SSLAdapter
R=juberti@webrtc.org Review URL: https://webrtc-codereview.appspot.com/17309004 Patch from Manish Jethani <manish.jethani@gmail.com>. git-svn-id: http://webrtc.googlecode.com/svn/trunk@7269 4adac7df-926f-26a2-2b94-8c16560cd09d
Diffstat (limited to 'webrtc/base/opensslstreamadapter.cc')
-rw-r--r--webrtc/base/opensslstreamadapter.cc11
1 files changed, 9 insertions, 2 deletions
diff --git a/webrtc/base/opensslstreamadapter.cc b/webrtc/base/opensslstreamadapter.cc
index ed5ac74068..070a948b14 100644
--- a/webrtc/base/opensslstreamadapter.cc
+++ b/webrtc/base/opensslstreamadapter.cc
@@ -743,8 +743,15 @@ SSL_CTX* OpenSSLStreamAdapter::SetupSSLContext() {
SSL_CTX_set_info_callback(ctx, OpenSSLAdapter::SSLInfoCallback);
#endif
- SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER |SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
- SSLVerifyCallback);
+ int mode = SSL_VERIFY_PEER;
+ if (client_auth_enabled()) {
+ // Require a certificate from the client.
+ // Note: Normally this is always true in production, but it may be disabled
+ // for testing purposes (e.g. SSLAdapter unit tests).
+ mode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
+ }
+
+ SSL_CTX_set_verify(ctx, mode, SSLVerifyCallback);
SSL_CTX_set_verify_depth(ctx, 4);
SSL_CTX_set_cipher_list(ctx, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-20 17:16:49 +0000