Fix error that was not allowing cipher suite fallback for opportunistic TLS.

Sara Dickinson 2015-10-25 15:28:20 +00:00
parent c613743644
commit e397d1e020
1 changed files with 2 additions and 2 deletions


@ -913,7 +913,7 @@ tls_create_object(getdns_dns_req *dnsreq, int fd, getdns_upstream *upstream)
SSL_set_verify(ssl, SSL_VERIFY_PEER, tls_verify_callback); SSL_set_verify(ssl, SSL_VERIFY_PEER, tls_verify_callback);
else { else {
SSL_set_verify(ssl, SSL_VERIFY_NONE, tls_verify_callback_with_fallback); SSL_set_verify(ssl, SSL_VERIFY_NONE, tls_verify_callback_with_fallback);
SSL_CTX_set_cipher_list(context->tls_ctx, NULL); SSL_set_cipher_list(ssl, "DEFAULT");
} }
} else { } else {
/* Lack of host name is OK unless only authenticated TLS is specified*/ /* Lack of host name is OK unless only authenticated TLS is specified*/
@ -926,7 +926,7 @@ tls_create_object(getdns_dns_req *dnsreq, int fd, getdns_upstream *upstream)
DEBUG_STUB("--- %s, PROCEEDING WITHOUT HOSTNAME VALIDATION!!\n", __FUNCTION__); DEBUG_STUB("--- %s, PROCEEDING WITHOUT HOSTNAME VALIDATION!!\n", __FUNCTION__);
upstream->tls_auth_failed = 1; upstream->tls_auth_failed = 1;
SSL_set_verify(ssl, SSL_VERIFY_NONE, tls_verify_callback_with_fallback); SSL_set_verify(ssl, SSL_VERIFY_NONE, tls_verify_callback_with_fallback);
SSL_CTX_set_cipher_list(context->tls_ctx, NULL); SSL_set_cipher_list(ssl, "DEFAULT");
} }
} }
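Review bot: The return value of `SSL_set_cipher_list(ssl, "DEFAULT")` is ignored in both fallback branches (the `else` in the first hunk and the no-hostname path in the second), so if the call fails the connection keeps the context's cipher list and the fallback silently does not happen. OpenSSL returns 0 when no cipher could be selected; I would check it and log, e.g. `if (!SSL_set_cipher_list(ssl, "DEFAULT")) DEBUG_STUB("--- %s, cipher list fallback failed\n", __FUNCTION__);`. It is also worth a comment at each call that `"DEFAULT"` expands to whatever the linked OpenSSL build defines, so the set of suites accepted on these unauthenticated connections varies with the library version. tls_create_object starts and ends outside both hunks, so how the caller should react to a failure is not visible here.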