Re #1843: Enable OpenSSL to use legacy certificates(1024 bit root certificate) send by server.

This is supported on OpenSSL 1.0.2. Thanks to Alexander Traud for the patch. git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@5080 74dad513-b988-da41-8d7b-12977e46ad98
author: Riza Sulistyo <riza@teluu.com> 2015-04-27 08:05:31 +0000
committer: Riza Sulistyo <riza@teluu.com> 2015-04-27 08:05:31 +0000
commit: 6e576eeb526b5512452b8824f29ac350edd6ac32 (patch)
tree: 6fe1994655ee727359c2bea3b066f525b6fc6d1a /pjlib
parent: 8c471b2b3b3e5893385c2149ac0caf197631c307 (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/pjlib/src/pj/ssl_sock_ossl.c b/pjlib/src/pj/ssl_sock_ossl.c
index de54844d..755059f5 100644
--- a/pjlib/src/pj/ssl_sock_ossl.c
+++ b/pjlib/src/pj/ssl_sock_ossl.c
@@ -689,6 +689,18 @@ static pj_status_t create_ssl(pj_ssl_sock_t *ssock)
 	    }
     #endif
 	}
+    } else {
+	X509_STORE *pkix_validation_store = SSL_CTX_get_cert_store(ctx);
+	if (NULL != pkix_validation_store) {
+#if defined(X509_V_FLAG_TRUSTED_FIRST)
+	    X509_STORE_set_flags(pkix_validation_store, 
+				 X509_V_FLAG_TRUSTED_FIRST);
+#endif
+#if defined(X509_V_FLAG_PARTIAL_CHAIN)
+	    X509_STORE_set_flags(pkix_validation_store, 
+				 X509_V_FLAG_PARTIAL_CHAIN);
+#endif
+	}
     }
 
     /* Create SSL instance */
author	Riza Sulistyo <riza@teluu.com>	2015-04-27 08:05:31 +0000
committer	Riza Sulistyo <riza@teluu.com>	2015-04-27 08:05:31 +0000
commit	6e576eeb526b5512452b8824f29ac350edd6ac32 (patch)
tree	6fe1994655ee727359c2bea3b066f525b6fc6d1a /pjlib
parent	8c471b2b3b3e5893385c2149ac0caf197631c307 (diff)