diff options
author | Riza Sulistyo <riza@teluu.com> | 2015-04-27 08:05:31 +0000 |
---|---|---|
committer | Riza Sulistyo <riza@teluu.com> | 2015-04-27 08:05:31 +0000 |
commit | 6e576eeb526b5512452b8824f29ac350edd6ac32 (patch) | |
tree | 6fe1994655ee727359c2bea3b066f525b6fc6d1a /pjlib/src | |
parent | 8c471b2b3b3e5893385c2149ac0caf197631c307 (diff) |
Re #1843: Enable OpenSSL to use legacy certificates(1024 bit root certificate) send by server.
This is supported on OpenSSL 1.0.2. Thanks to Alexander Traud for the patch.
git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@5080 74dad513-b988-da41-8d7b-12977e46ad98
Diffstat (limited to 'pjlib/src')
-rw-r--r-- | pjlib/src/pj/ssl_sock_ossl.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/pjlib/src/pj/ssl_sock_ossl.c b/pjlib/src/pj/ssl_sock_ossl.c index de54844d..755059f5 100644 --- a/pjlib/src/pj/ssl_sock_ossl.c +++ b/pjlib/src/pj/ssl_sock_ossl.c @@ -689,6 +689,18 @@ static pj_status_t create_ssl(pj_ssl_sock_t *ssock) } #endif } + } else { + X509_STORE *pkix_validation_store = SSL_CTX_get_cert_store(ctx); + if (NULL != pkix_validation_store) { +#if defined(X509_V_FLAG_TRUSTED_FIRST) + X509_STORE_set_flags(pkix_validation_store, + X509_V_FLAG_TRUSTED_FIRST); +#endif +#if defined(X509_V_FLAG_PARTIAL_CHAIN) + X509_STORE_set_flags(pkix_validation_store, + X509_V_FLAG_PARTIAL_CHAIN); +#endif + } } /* Create SSL instance */ |