From 947be5aafcf4559cfe62ed343809c8e83e6bbaa1 Mon Sep 17 00:00:00 2001
From: Thomas Bernard <miniupnp@free.fr>
Date: Thu, 10 Apr 2014 23:28:41 +0200
Subject: [PATCH] upnphttp.c: Configure OpenSSL client cert verification

---
 miniupnpd/upnphttp.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/miniupnpd/upnphttp.c b/miniupnpd/upnphttp.c
index 47b0968..57da09e 100644
--- a/miniupnpd/upnphttp.c
+++ b/miniupnpd/upnphttp.c
@@ -52,6 +52,12 @@ syslogsslerr(void)
 	}
 }
 
+static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
+{
+	syslog(LOG_DEBUG, "verify_callback(%d, %p)", preverify_ok, ctx);
+	return preverify_ok;
+}
+
 int init_ssl(void)
 {
 	SSL_METHOD *method;
@@ -87,6 +93,9 @@ int init_ssl(void)
 		syslogsslerr();
 		return -1;
 	}
+	/*SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE, verify_callback);*/
+	SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_NONE, verify_callback);
+	/*SSL_CTX_set_verify_depth(depth);*/
 	return 0;
 }