only set openssl verify when needed to avoid some handshake errors

git-svn-id: http://svn.enlightenment.org/svn/e/trunk/ecore@53955 7cbeb6ba-43b4-40fd-8cce-4c39aea84d33

diff --git a/src/lib/ecore_con/ecore_con_ssl.c b/src/lib/ecore_con/ecore_con_ssl.c
index 15dfd38..26c586c 100644 (file)
--- a/src/lib/ecore_con/ecore_con_ssl.c
+++ b/src/lib/ecore_con/ecore_con_ssl.c
@@ -989,8 +989,6 @@ _ecore_con_ssl_server_prepare_openssl(Ecore_Con_Server *svr, int ssl_type)
    else if (!svr->use_cert)
      SSL_ERROR_CHECK_GOTO_ERROR(!SSL_CTX_set_cipher_list(svr->ssl_ctx, "aNULL:!eNULL:!LOW:!EXPORT:!ECDH:RSA:AES:!PSK:@STRENGTH"));
 
-   SSL_CTX_set_verify(svr->ssl_ctx, SSL_VERIFY_PEER, NULL);
-
    return ECORE_CON_SSL_ERROR_NONE;
 
 error:
@@ -1068,6 +1066,7 @@ _ecore_con_ssl_server_init_openssl(Ecore_Con_Server *svr)
      /* not verifying certificates, so we're done! */
      return ECORE_CON_SSL_ERROR_NONE;
 
+   SSL_set_verify(svr->ssl, SSL_VERIFY_PEER, NULL);
    /* use CRL/CA lists to verify */
    if (SSL_get_peer_certificate(svr->ssl))
      SSL_ERROR_CHECK_GOTO_ERROR(SSL_get_verify_result(svr->ssl));
@@ -1297,7 +1296,7 @@ _ecore_con_ssl_client_init_openssl(Ecore_Con_Client *cl)
    if (!cl->host_server->verify)
      /* not verifying certificates, so we're done! */
      return ECORE_CON_SSL_ERROR_NONE;
-     
+   SSL_set_verify(cl->ssl, SSL_VERIFY_PEER, NULL);
    /* use CRL/CA lists to verify */
    if (SSL_get_peer_certificate(cl->ssl))
      SSL_ERROR_CHECK_GOTO_ERROR(SSL_get_verify_result(cl->ssl));