|
@@ -269,9 +269,14 @@ TlsTransport::TlsTransport(shared_ptr<TcpTransport> lower, string host, state_ca
|
|
|
SSL_CTX_set_quiet_shutdown(mCtx, 1);
|
|
|
SSL_CTX_set_info_callback(mCtx, InfoCallback);
|
|
|
|
|
|
- SSL_CTX_set_default_verify_paths(mCtx);
|
|
|
- SSL_CTX_set_verify(mCtx, SSL_VERIFY_PEER, NULL);
|
|
|
- SSL_CTX_set_verify_depth(mCtx, 4);
|
|
|
+ if (SSL_CTX_set_default_verify_paths(mCtx)) {
|
|
|
+ PLOG_INFO << "SSL root CA certificates available, server verification enabled";
|
|
|
+ SSL_CTX_set_verify(mCtx, SSL_VERIFY_PEER, NULL);
|
|
|
+ SSL_CTX_set_verify_depth(mCtx, 4);
|
|
|
+ } else {
|
|
|
+ PLOG_WARNING << "SSL root CA certificates unavailable, server verification disabled";
|
|
|
+ SSL_CTX_set_verify(mCtx, SSL_VERIFY_NONE, NULL);
|
|
|
+ }
|
|
|
|
|
|
if (!(mSsl = SSL_new(mCtx)))
|
|
|
throw std::runtime_error("Failed to create SSL instance");
|
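Review bot: The new `else` branch fails open: when `SSL_CTX_set_default_verify_paths(mCtx)` returns 0, the context is set to `SSL_VERIFY_NONE` and the handshake proceeds with only a warning in the log, so a host with a missing or unreadable trust store silently accepts any server certificate. Failing closed would be safer, for example replacing the body of the `else` with `throw std::runtime_error("Failed to load SSL root CA certificates");`, or disabling verification only behind an explicit caller-supplied option. A return value of 1 may also not prove that any root certificates were actually loaded, since OpenSSL generally tolerates absent default files, so the "server verification enabled" message could overstate what is checked. No hostname check against `host` is visible in this hunk; the constructor continues outside it, so confirm that one is configured elsewhere, because `SSL_VERIFY_PEER` alone validates only the chain.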