From aa7c27536ad56def21afad4043d6d658f517ecc4 Mon Sep 17 00:00:00 2001
From: Steven Fackler
Date: Tue, 8 Nov 2016 22:38:48 +0000
Subject: [PATCH] Make sure to override SslContext verify callback always
The 1.0.1 code has to override this to setup hostname validation, and don't want behavior to silently change depending on the OpenSSL version you're building against.
---
 openssl/src/ssl/connector.rs | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/openssl/src/ssl/connector.rs b/openssl/src/ssl/connector.rs
index 55177767..c5189c9e 100644
--- a/openssl/src/ssl/connector.rs
+++ b/openssl/src/ssl/connector.rs
@@ -255,7 +255,9 @@ impl SslAcceptor {
 #[cfg(any(ossl102, ossl110))]
 fn setup_verify(ssl: &mut Ssl, domain: &str) -> Result<(), ErrorStack> {
- ssl.set_verify(SSL_VERIFY_PEER);
+ // pass a noop closure in here to ensure that we consistently override any callback on the
+ // context
+ ssl.set_verify_callback(SSL_VERIFY_PEER, |p, _| p);
 let param = ssl._param_mut();
 param.set_hostflags(::verify::X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
 param.set_host(domain)
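Review bot: The comment above the new `set_verify_callback` call in `setup_verify` calls the closure a no-op but does not say why that is safe. It returns `p`, the preverify result OpenSSL computed, so chain validation stays enforced; a closure returning `true` here would accept any certificate. I would make that explicit, e.g. `// Return the preverify result unchanged so OpenSSL's chain verification still decides; this only replaces any callback set on the context.` The change also deliberately discards any verify callback the caller installed on the `SslContext` (a custom pinning check, for instance), so that should presumably be stated in the connector's public documentation, which is outside this hunk. The closing brace of `setup_verify` is also outside the hunk.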