Changeset 5080 for pjproject/trunk/pjlib/src/pj/ssl_sock_ossl.c

Timestamp:

Apr 27, 2015 8:05:31 AM (9 years ago)

Author:

riza

Message:

Re #1843: Enable OpenSSL to use legacy certificates(1024 bit root certificate) send by server.
This is supported on OpenSSL 1.0.2. Thanks to Alexander Traud for the patch.

File:

• pjproject/trunk/pjlib/src/pj/ssl_sock_ossl.c (modified) (1 diff)

pjproject/trunk/pjlib/src/pj/ssl_sock_ossl.c

@@ -689 +689 @@
             }
     #endif
+        }
+    } else {
+        X509_STORE *pkix_validation_store = SSL_CTX_get_cert_store(ctx);
+        if (NULL != pkix_validation_store) {
+#if defined(X509_V_FLAG_TRUSTED_FIRST)
+            X509_STORE_set_flags(pkix_validation_store, 
+                                 X509_V_FLAG_TRUSTED_FIRST);
+#endif
+#if defined(X509_V_FLAG_PARTIAL_CHAIN)
+            X509_STORE_set_flags(pkix_validation_store, 
+                                 X509_V_FLAG_PARTIAL_CHAIN);
+#endif
         }
     }