{
tls_session_t *state = NULL;
SSL *new_tls = NULL;
- int verify_mode = SSL_VERIFY_NONE;
+
+ client_cert = client_cert; /* -Wunused. See bug #350 */
if ((new_tls = SSL_new(ssl_ctx)) == NULL) {
radlog(L_ERR, "rlm_eap_tls: Error creating new SSL");
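Review bot: The self-assignment `client_cert = client_cert;` makes eaptls_new_session() silently ignore its argument, so a caller that passes TRUE and does not call SSL_set_verify() itself now gets whatever verify mode the SSL_CTX carries. I would write `(void)client_cert; /* unused: the caller sets the verify mode with SSL_set_verify() */` instead, which states the new contract and avoids self-assignment warnings on compilers that flag them. It is also worth checking that no caller outside this diff relied on the old behaviour. The function body continues outside the hunk.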
SSL_set_info_callback(new_tls, cbtls_info);
/*
- * Verify the peer certificate, if asked.
- */
- if (client_cert) {
- DEBUG2(" rlm_eap_tls: Requiring client certificate");
- verify_mode = SSL_VERIFY_PEER;
- verify_mode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
- verify_mode |= SSL_VERIFY_CLIENT_ONCE;
- }
- SSL_set_verify(state->ssl, verify_mode, cbtls_verify);
-
- /*
* In Server mode we only accept.
*/
SSL_set_accept_state(state->ssl);
SSL_METHOD *meth;
SSL_CTX *ctx;
X509_STORE *certstore;
- int verify_mode = 0;
+ int verify_mode = SSL_VERIFY_NONE;
int ctx_options = 0;
int type;
eap_tls_t *inst;
VALUE_PAIR *vp;
int client_cert = TRUE;
+ int verify_mode = SSL_VERIFY_NONE;
inst = (eap_tls_t *)type_arg;
}
/*
+ * Verify the peer certificate, if asked.
+ */
+ if (client_cert) {
+ DEBUG2(" rlm_eap_tls: Requiring client certificate");
+ verify_mode = SSL_VERIFY_PEER;
+ verify_mode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
+ verify_mode |= SSL_VERIFY_CLIENT_ONCE;
+ }
+ SSL_set_verify(ssn->ssl, verify_mode, cbtls_verify);
+
+ /*
* Create a structure for all the items required to be
* verified for each client and set that as opaque data
* structure.
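Review bot: When `client_cert` is false this block calls `SSL_set_verify()` with `SSL_VERIFY_NONE`, so the server sends no certificate request and `cbtls_verify` is never given a peer certificate; the comment should say this is acceptable only when a tunneled inner method authenticates the peer. Suggested wording: `/* Verify the peer certificate, if asked. With client_cert unset the peer is NOT authenticated by TLS; the inner method must do it. */`. The place where `client_cert` is cleared is outside the hunk (presumably the `vp` lookup), so please confirm that only server-side policy can set it to false, never a value supplied in the request packet. The enclosing function starts and ends outside the hunk, and the `}` above presumably closes the NULL check on `ssn`.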