mirror of https://github.com/Icinga/icinga2.git
ApiListener: fix self-made security hole
This commit is contained in:
Alexander A. Klimov
parent
f9fff54da2
commit
c46157d552
|
|
@ -531,13 +531,13 @@ void ApiListener::NewClientHandlerInternal(boost::asio::yield_context yc, const
|
||||||
|
|
||||||
sslConn.set_verify_mode(ssl::verify_peer | ssl::verify_client_once);
|
sslConn.set_verify_mode(ssl::verify_peer | ssl::verify_client_once);
|
||||||
|
|
||||||
bool verify_ok = false;
|
bool verify_ok = true;
|
||||||
String verifyError;
|
String verifyError;
|
||||||
|
|
||||||
sslConn.set_verify_callback([&verify_ok, &verifyError](bool preverified, ssl::verify_context& ctx) {
|
sslConn.set_verify_callback([&verify_ok, &verifyError](bool preverified, ssl::verify_context& ctx) {
|
||||||
verify_ok = preverified;
|
|
||||||
|
|
||||||
if (!preverified) {
|
if (!preverified) {
|
||||||
|
verify_ok = false;
|
||||||
|
|
||||||
std::ostringstream msgbuf;
|
std::ostringstream msgbuf;
|
||||||
int err = X509_STORE_CTX_get_error(ctx.native_handle());
|
int err = X509_STORE_CTX_get_error(ctx.native_handle());
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue