Make sure to override SslContext verify callback always

The 1.0.1 code has to override this to setup hostname validation, and don't want behavior to silently change depending on the OpenSSL version you're building against.
author: Steven Fackler <[email protected]> 2016-11-08 22:38:48 +0000
committer: Steven Fackler <[email protected]> 2016-11-08 22:38:48 +0000
commit: aa7c27536ad56def21afad4043d6d658f517ecc4 (patch)
tree: 0b7934db0a6bd6f646342b844d33744eeabfcb61 /openssl/src
parent: Add convenience functions for AEAD encryption/decryption (diff)
download: rust-openssl-aa7c27536ad56def21afad4043d6d658f517ecc4.tar.xz
rust-openssl-aa7c27536ad56def21afad4043d6d658f517ecc4.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/openssl/src/ssl/connector.rs b/openssl/src/ssl/connector.rs
index 55177767..c5189c9e 100644
--- a/openssl/src/ssl/connector.rs
+++ b/openssl/src/ssl/connector.rs
@@ -255,7 +255,9 @@ impl SslAcceptor {
 
 #[cfg(any(ossl102, ossl110))]
 fn setup_verify(ssl: &mut Ssl, domain: &str) -> Result<(), ErrorStack> {
-    ssl.set_verify(SSL_VERIFY_PEER);
+    // pass a noop closure in here to ensure that we consistently override any callback on the
+    // context
+    ssl.set_verify_callback(SSL_VERIFY_PEER, |p, _| p);
     let param = ssl._param_mut();
     param.set_hostflags(::verify::X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
     param.set_host(domain)
author	Steven Fackler <[email protected]>	2016-11-08 22:38:48 +0000
committer	Steven Fackler <[email protected]>	2016-11-08 22:38:48 +0000
commit	aa7c27536ad56def21afad4043d6d658f517ecc4 (patch)
tree	0b7934db0a6bd6f646342b844d33744eeabfcb61 /openssl/src
parent	Add convenience functions for AEAD encryption/decryption (diff)
download	rust-openssl-aa7c27536ad56def21afad4043d6d658f517ecc4.tar.xz rust-openssl-aa7c27536ad56def21afad4043d6d658f517ecc4.zip