Merge pull request #1277 from xnrand/master

Add network-specific settings for cert validation
2026-03-28 17:42:41 +01:00 · 2016-08-20 12:08:41 +01:00
parent d0e93c5171 409ed4b6bc
commit 85984ee4be
8 changed files with 69 additions and 2 deletions
--- a/src/Socket.cpp
+++ b/src/Socket.cpp
@@ -122,13 +122,17 @@ void CZNCSock::SSLHandShakeFinished() {
        Close();
        return;
    }
+    if (GetTrustAllCerts()) {
+        DEBUG(GetSockName() + ": Verification disabled, trusting all.");
+        return;
+    }
    CString sHostVerifyError;
    if (!ZNC_SSLVerifyHost(m_sHostToVerifySSL, pCert, sHostVerifyError)) {
        m_ssCertVerificationErrors.insert(sHostVerifyError);
    }
    X509_free(pCert);
-    if (m_ssCertVerificationErrors.empty()) {
-        DEBUG(GetSockName() + ": Good cert");
+    if (GetTrustPKI() && m_ssCertVerificationErrors.empty()) {
+        DEBUG(GetSockName() + ": Good cert (PKI valid)");
        return;
    }
    CString sFP = GetSSLPeerFingerprint();