fetch(3): Backport SSL validation from pkgsrc libfetch 2.40.
We should really sync with pkgsrc libfetch to avoid divergence, but this is a low-risk, high-priority change for NetBSD 10: https://mail-index.netbsd.org/pkgsrc-changes/2024/01/03/msg290052.html
parent
5c47682a25
commit
5defc0df3d
|
@ -1,4 +1,4 @@
|
||||||
/* $NetBSD: common.c,v 1.5 2023/12/29 00:55:46 christos Exp $ */
|
/* $NetBSD: common.c,v 1.6 2024/01/03 11:40:38 riastradh Exp $ */
|
||||||
/*-
|
/*-
|
||||||
* Copyright (c) 1998-2004 Dag-Erling Coïdan Smørgrav
|
* Copyright (c) 1998-2004 Dag-Erling Coïdan Smørgrav
|
||||||
* Copyright (c) 2008, 2010 Joerg Sonnenberger <joerg@NetBSD.org>
|
* Copyright (c) 2008, 2010 Joerg Sonnenberger <joerg@NetBSD.org>
|
||||||
|
@ -452,6 +452,10 @@ fetch_ssl(conn_t *conn, int verbose)
|
||||||
conn->ssl_meth = SSLv23_client_method();
|
conn->ssl_meth = SSLv23_client_method();
|
||||||
conn->ssl_ctx = SSL_CTX_new(conn->ssl_meth);
|
conn->ssl_ctx = SSL_CTX_new(conn->ssl_meth);
|
||||||
SSL_CTX_set_mode(conn->ssl_ctx, SSL_MODE_AUTO_RETRY);
|
SSL_CTX_set_mode(conn->ssl_ctx, SSL_MODE_AUTO_RETRY);
|
||||||
|
if (getenv("SSL_NO_VERIFY_PEER") == NULL) {
|
||||||
|
SSL_CTX_set_default_verify_paths(conn->ssl_ctx);
|
||||||
|
SSL_CTX_set_verify(conn->ssl_ctx, SSL_VERIFY_PEER, NULL);
|
||||||
|
}
|
||||||
|
|
||||||
conn->ssl = SSL_new(conn->ssl_ctx);
|
conn->ssl = SSL_new(conn->ssl_ctx);
|
||||||
if (conn->ssl == NULL){
|
if (conn->ssl == NULL){
|
||||||
|
|
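Review bot: No hostname check is visible next to the new `SSL_CTX_set_verify(conn->ssl_ctx, SSL_VERIFY_PEER, NULL)` call in fetch_ssl, so as far as this hunk shows, a certificate that chains to a trusted root but was issued for a different name would still be accepted. If the rest of the function (which continues outside the hunk) does not already do it, bind the expected name after `SSL_new()` with something like `if (!SSL_set1_host(conn->ssl, host)) return (-1);`. Here `host` is a placeholder, since the visible signature takes only `conn` and `verbose` and the name would have to be passed in. The return value of `SSL_CTX_set_default_verify_paths()` is also ignored; a failure there appears to fail closed at handshake time, but checking it would give a clearer error. Finally, a comment such as `/* Any value of SSL_NO_VERIFY_PEER, even empty, disables peer verification. */` above the `getenv()` test would document the opt-out.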