aboutsummaryrefslogtreecommitdiff
path: root/contrib/epee
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/epee')
-rw-r--r--contrib/epee/include/net/net_ssl.h3
-rw-r--r--contrib/epee/src/net_ssl.cpp3
2 files changed, 5 insertions, 1 deletions
diff --git a/contrib/epee/include/net/net_ssl.h b/contrib/epee/include/net/net_ssl.h
index ba6e2ee6d..726dcb61a 100644
--- a/contrib/epee/include/net/net_ssl.h
+++ b/contrib/epee/include/net/net_ssl.h
@@ -51,7 +51,8 @@ namespace net_utils
{
none = 0, //!< Do not verify peer.
system_ca, //!< Verify peer via system ca only (do not inspect user certificates)
- user_certificates //!< Verify peer via user certificate(s) only.
+ user_certificates,//!< Verify peer via specific (non-chain) certificate(s) only.
+ user_ca //!< Verify peer via specific (possibly chain) certificate(s) only.
};
struct ssl_authentication_t
diff --git a/contrib/epee/src/net_ssl.cpp b/contrib/epee/src/net_ssl.cpp
index 77eaa43e2..1bc6f91b8 100644
--- a/contrib/epee/src/net_ssl.cpp
+++ b/contrib/epee/src/net_ssl.cpp
@@ -221,6 +221,9 @@ boost::asio::ssl::context ssl_options_t::create_context() const
ssl_context.set_default_verify_paths();
break;
case ssl_verification_t::user_certificates:
+ ssl_context.set_verify_depth(0);
+ /* fallthrough */
+ case ssl_verification_t::user_ca:
if (!ca_path.empty())
{
const boost::system::error_code err = load_ca_file(ssl_context, ca_path);
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-15 13:32:13 +0000