vor 6 Jahren · ec866e9953
--- a/src/core/tsi/ssl_transport_security.cc
+++ b/src/core/tsi/ssl_transport_security.cc
@@ -1850,31 +1850,30 @@ tsi_result tsi_create_ssl_server_handshaker_factory_with_options(
 
				           break;
			
 
				         }
			
 
				         SSL_CTX_set_client_CA_list(impl->ssl_contexts[i], root_names);
			
 
				-        switch (options->client_certificate_request) {
			
 
				-          case TSI_DONT_REQUEST_CLIENT_CERTIFICATE:
			
 
				-            SSL_CTX_set_verify(impl->ssl_contexts[i], SSL_VERIFY_NONE, nullptr);
			
 
				-            break;
			
 
				-          case TSI_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY:
			
 
				-            SSL_CTX_set_verify(impl->ssl_contexts[i], SSL_VERIFY_PEER,
			
 
				-                               NullVerifyCallback);
			
 
				-            break;
			
 
				-          case TSI_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY:
			
 
				-            SSL_CTX_set_verify(impl->ssl_contexts[i], SSL_VERIFY_PEER, nullptr);
			
 
				-            break;
			
 
				-          case TSI_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY:
			
 
				-            SSL_CTX_set_verify(
			
 
				-                impl->ssl_contexts[i],
			
 
				-                SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
			
 
				-                NullVerifyCallback);
			
 
				-            break;
			
 
				-          case TSI_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY:
			
 
				-            SSL_CTX_set_verify(
			
 
				-                impl->ssl_contexts[i],
			
 
				-                SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
			
 
				-            break;
			
 
				-        }
			
 
				-        /* TODO(jboeuf): Add revocation verification. */
			
 
				       }
			
 
				+      switch (options->client_certificate_request) {
			
 
				+        case TSI_DONT_REQUEST_CLIENT_CERTIFICATE:
			
 
				+          SSL_CTX_set_verify(impl->ssl_contexts[i], SSL_VERIFY_NONE, nullptr);
			
 
				+          break;
			
 
				+        case TSI_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY:
			
 
				+          SSL_CTX_set_verify(impl->ssl_contexts[i], SSL_VERIFY_PEER,
			
 
				+                             NullVerifyCallback);
			
 
				+          break;
			
 
				+        case TSI_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY:
			
 
				+          SSL_CTX_set_verify(impl->ssl_contexts[i], SSL_VERIFY_PEER, nullptr);
			
 
				+          break;
			
 
				+        case TSI_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY:
			
 
				+          SSL_CTX_set_verify(impl->ssl_contexts[i],
			
 
				+                             SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
			
 
				+                             NullVerifyCallback);
			
 
				+          break;
			
 
				+        case TSI_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY:
			
 
				+          SSL_CTX_set_verify(impl->ssl_contexts[i],
			
 
				+                             SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
			
 
				+                             nullptr);
			
 
				+          break;
			
 
				+      }
			
 
				+      /* TODO(jboeuf): Add revocation verification. */
			
 
				 
			
 
				       result = extract_x509_subject_names_from_pem_cert(
			
 
				           options->pem_key_cert_pairs[i].cert_chain,