
tls_ctx_set_tls_versions: move verify_flags to where it is used

Minor cleanup of this function now that we are allowed to write C99: move
(and rename) flags to the code where it's actually used to improve
readability.

(I originally did this as part of the tls-version-{min,max} patch for
openssl 1.1, but that made the diff hard to read.)

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20171126141555.25930-3-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15931.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

Steffan Karger authored on 2017/11/26 23:15:55
Showing 1 changed files
... ...
@@ -277,9 +277,6 @@ tls_ctx_set_options(struct tls_root_ctx *ctx, unsigned int ssl_flags)
277 277
 {
278 278
     ASSERT(NULL != ctx);
279 279
 
280
-    /* default certificate verification flags */
281
-    int flags = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
282
-
283 280
     /* process SSL options */
284 281
     long sslopt = SSL_OP_SINGLE_DH_USE | SSL_OP_NO_TICKET;
285 282
 #ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
... ...
@@ -301,17 +298,18 @@ tls_ctx_set_options(struct tls_root_ctx *ctx, unsigned int ssl_flags)
301 301
     SSL_CTX_set_default_passwd_cb(ctx->ctx, pem_password_callback);
302 302
 
303 303
     /* Require peer certificate verification */
304
+    int verify_flags = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
304 305
 #if P2MP_SERVER
305 306
     if (ssl_flags & SSLF_CLIENT_CERT_NOT_REQUIRED)
306 307
     {
307
-        flags = 0;
308
+        verify_flags = 0;
308 309
     }
309 310
     else if (ssl_flags & SSLF_CLIENT_CERT_OPTIONAL)
310 311
     {
311
-        flags = SSL_VERIFY_PEER;
312
+        verify_flags = SSL_VERIFY_PEER;
312 313
     }
313 314
 #endif
314
-    SSL_CTX_set_verify(ctx->ctx, flags, verify_callback);
315
+    SSL_CTX_set_verify(ctx->ctx, verify_flags, verify_callback);
315 316
 
316 317
     SSL_CTX_set_info_callback(ctx->ctx, info_callback);
317 318
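Review bot: In the `SSLF_CLIENT_CERT_NOT_REQUIRED` branch the new code still assigns a bare `verify_flags = 0;`, directly under the comment "Require peer certificate verification", so the one line that turns peer verification off is the hardest to spot in an audit. Since the variable is being renamed anyway, `verify_flags = SSL_VERIFY_NONE;` would state the intent and make the downgrade greppable. The leading comment could read `/* Require peer certificate verification by default */`. A short comment on each `P2MP_SERVER` override would also help, for example `/* server only: no client certificate is requested */` and `/* server only: verify a client certificate if one is presented */`. With `SSL_VERIFY_NONE` on the server side the TLS layer presumably no longer authenticates the client, so any other authentication this configuration relies on is worth naming in that comment. `tls_ctx_set_options` begins in the previous hunk and continues past this one, so that part cannot be checked from here.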