Home Explore Help
Sign In
cpp
/
libdatachannel
mirror of https://github.com/paullouisageneau/libdatachannel
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

impl::TlsTransport: OpenSSL's default verify paths if mIsClient

rather than only when a certificate is not provided
Salvo Passaro 1 year ago
parent
499398a4b7
commit
efe808764e
1 changed files with 6 additions and 4 deletions
Split View Show Diff Stats
  1. 6 4
      src/impl/tlstransport.cpp

+ 6 - 4
src/impl/tlstransport.cpp
View File 

@@ -592,14 +592,16 @@ TlsTransport::TlsTransport(variant<shared_ptr<TcpTransport>, shared_ptr<HttpProx
 
 		SSL_CTX_set_options(mCtx, SSL_OP_SINGLE_ECDH_USE);
 
 #endif
 
 
+		if(mIsClient) {
 
+			if (!SSL_CTX_set_default_verify_paths(mCtx)) {
 
+				PLOG_WARNING << "SSL root CA certificates unavailable";
 
+			}
 
+		}
 
+
 
 		if (certificate) {
 
 			auto [x509, pkey] = certificate->credentials();
 
 			SSL_CTX_use_certificate(mCtx, x509);
 
 			SSL_CTX_use_PrivateKey(mCtx, pkey);
 
-		} else {
 
-			if (!SSL_CTX_set_default_verify_paths(mCtx)) {
 
-				PLOG_WARNING << "SSL root CA certificates unavailable";
 
-			}
 
 		}
 
 
 		SSL_CTX_set_options(mCtx, SSL_OP_NO_SSLv3 | SSL_OP_NO_RENEGOTIATION);