aboutsummaryrefslogtreecommitdiff
path: root/rtc_base/openssl_adapter.cc
diff options
context:
space:
mode:
Diffstat (limited to 'rtc_base/openssl_adapter.cc')
-rw-r--r--rtc_base/openssl_adapter.cc3
1 files changed, 3 insertions, 0 deletions
diff --git a/rtc_base/openssl_adapter.cc b/rtc_base/openssl_adapter.cc
index e5c2c42761..563fe0f9d9 100644
--- a/rtc_base/openssl_adapter.cc
+++ b/rtc_base/openssl_adapter.cc
@@ -981,6 +981,9 @@ SSL_CTX* OpenSSLAdapter::CreateContext(SSLMode mode, bool enable_cache) {
SSL_CTX_set_custom_verify(ctx, SSL_VERIFY_PEER, SSLVerifyCallback);
#else
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, SSLVerifyCallback);
+ // Verify certificate chains up to a depth of 4. This is not
+ // needed for DTLS-SRTP which uses self-signed certificates
+ // (so the depth is 0) but is required to support TURN/TLS.
SSL_CTX_set_verify_depth(ctx, 4);
#endif
// Use defaults, but disable HMAC-SHA256 and HMAC-SHA384 ciphers
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-23 18:32:05 +0000