diff options
| author | rcritten <> | 2005-05-24 21:23:36 +0000 |
|---|---|---|
| committer | rcritten <> | 2005-05-24 21:23:36 +0000 |
| commit | 77042d50c8c2aee91d67186363eeba03d657ecb9 (patch) | |
| tree | 7cbb5f4110b633376d7b690eecac149748ed0875 | |
| parent | 32a0cc435a9d3c6aee91ab473a3a033a1cd8ba37 (diff) | |
When doing SSLVerifyCert require then we need to always require the
certificate to match what OpenSSL does.
| -rw-r--r-- | nss_engine_init.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nss_engine_init.c b/nss_engine_init.c index db98fa3..b2d2c14 100644 --- a/nss_engine_init.c +++ b/nss_engine_init.c @@ -456,7 +456,7 @@ static void ssl_init_ctx_verify(server_rec *s, { if (mctx->auth.verify_mode == SSL_CVERIFY_REQUIRE) { SSL_OptionSet(mctx->model, SSL_REQUEST_CERTIFICATE, PR_TRUE); - SSL_OptionSet(mctx->model, SSL_REQUIRE_CERTIFICATE, SSL_REQUIRE_NO_ERROR); + SSL_OptionSet(mctx->model, SSL_REQUIRE_CERTIFICATE, SSL_REQUIRE_ALWAYS); } else if (mctx->auth.verify_mode == SSL_CVERIFY_OPTIONAL) { SSL_OptionSet(mctx->model, SSL_REQUEST_CERTIFICATE, PR_TRUE); SSL_OptionSet(mctx->model, SSL_REQUIRE_CERTIFICATE, SSL_REQUIRE_NEVER); |