[Feature] Disable all SSL checks if ssl_no_verify flag is set

author: Vsevolod Stakhov <vsevolod@highsecure.ru> 2018-07-19 13:03:11 +0100
committer: Vsevolod Stakhov <vsevolod@highsecure.ru> 2018-07-19 13:03:11 +0100
commit: ac8bf6185abbc1f1fd9a4a9b6a2b9258cb7ac596 (patch)
tree: 96e3d0df5aacf1eb19e6c5b8b5d78f09ad36cd7a /src/libutil/util.c
parent: a2496b33224e3404fe93475340216d0843b92030 (diff)
download: rspamd-ac8bf6185abbc1f1fd9a4a9b6a2b9258cb7ac596.tar.gz
rspamd-ac8bf6185abbc1f1fd9a4a9b6a2b9258cb7ac596.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/src/libutil/util.c b/src/libutil/util.c
index 4616bedc0..93f449791 100644
--- a/src/libutil/util.c
+++ b/src/libutil/util.c
@@ -2094,6 +2094,9 @@ rspamd_init_libs (void)
 #endif
 
 	SSL_CTX_set_options (ctx->ssl_ctx, ssl_options);
+	ctx->ssl_ctx_noverify = SSL_CTX_new (SSLv23_method ());
+	SSL_CTX_set_verify (ctx->ssl_ctx_noverify, SSL_VERIFY_NONE, NULL);
+	SSL_CTX_set_options (ctx->ssl_ctx_noverify, ssl_options);
 #endif
 	rspamd_random_seed_fast ();
 
@@ -2308,6 +2311,7 @@ rspamd_deinit_libs (struct rspamd_external_libs_ctx *ctx)
 		EVP_cleanup ();
 		ERR_free_strings ();
 		SSL_CTX_free (ctx->ssl_ctx);
+		SSL_CTX_free (ctx->ssl_ctx_noverify);
 #endif
 		rspamd_inet_library_destroy ();
 		rspamd_free_zstd_dictionary (ctx->in_dict);
author	Vsevolod Stakhov <vsevolod@highsecure.ru>	2018-07-19 13:03:11 +0100
committer	Vsevolod Stakhov <vsevolod@highsecure.ru>	2018-07-19 13:03:11 +0100
commit	ac8bf6185abbc1f1fd9a4a9b6a2b9258cb7ac596 (patch)
tree	96e3d0df5aacf1eb19e6c5b8b5d78f09ad36cd7a /src/libutil/util.c
parent	a2496b33224e3404fe93475340216d0843b92030 (diff)
download	rspamd-ac8bf6185abbc1f1fd9a4a9b6a2b9258cb7ac596.tar.gz rspamd-ac8bf6185abbc1f1fd9a4a9b6a2b9258cb7ac596.zip