disable temporarily CA support, it prevents some remote hosts from

establishing a ssl session. will be investigated and reenabled soon asked and commited on behalf of gilles@ ok gilles@
author: chl <chl@openbsd.org> 2011-12-21 21:10:15 +0000
committer: chl <chl@openbsd.org> 2011-12-21 21:10:15 +0000
commit: a63780ed29d84e68995cb77ab590632af30dd44e (patch)
tree: 7ab92eb645285f141cd1beac6286d69706e4260f
parent: Compute mandatory UDP checksum for IPv6 packets (diff)
download: wireguard-openbsd-a63780ed29d84e68995cb77ab590632af30dd44e.tar.xz
wireguard-openbsd-a63780ed29d84e68995cb77ab590632af30dd44e.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/usr.sbin/smtpd/ssl.c b/usr.sbin/smtpd/ssl.c
index 336efe42cad..b9281f25503 100644
--- a/usr.sbin/smtpd/ssl.c
+++ b/usr.sbin/smtpd/ssl.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ssl.c,v 1.42 2011/12/14 17:51:38 eric Exp $	*/
+/*	$OpenBSD: ssl.c,v 1.43 2011/12/21 21:10:15 chl Exp $	*/
 
 /*
  * Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -454,12 +454,14 @@ ssl_setup(struct listener *l)
 
 	l->ssl_ctx = ssl_ctx_create();
 
+/*
 	if (l->ssl->ssl_ca != NULL) {
 		if (! ssl_ctx_load_verify_memory(l->ssl_ctx,
 			l->ssl->ssl_ca, l->ssl->ssl_ca_len))
 			goto err;
 		SSL_CTX_set_verify(l->ssl_ctx, SSL_VERIFY_PEER, NULL);
 	}
+*/
 
 	if (!ssl_ctx_use_certificate_chain(l->ssl_ctx,
 	    l->ssl->ssl_cert, l->ssl->ssl_cert_len))
author	chl <chl@openbsd.org>	2011-12-21 21:10:15 +0000
committer	chl <chl@openbsd.org>	2011-12-21 21:10:15 +0000
commit	a63780ed29d84e68995cb77ab590632af30dd44e (patch)
tree	7ab92eb645285f141cd1beac6286d69706e4260f
parent	Compute mandatory UDP checksum for IPv6 packets (diff)
download	wireguard-openbsd-a63780ed29d84e68995cb77ab590632af30dd44e.tar.xz wireguard-openbsd-a63780ed29d84e68995cb77ab590632af30dd44e.zip