diff --git a/rmps.c b/rmps.c
index c1df41b..31f4e6d 100644
--- a/rmps.c
+++ b/rmps.c
@@ -23,7 +23,7 @@ static void cleanup(void);
 static void signal_handler(int sig);
 static void load_certificates(SSL_CTX *ctx, const char *certfile, const char *keyfile, const char *cafile);
-static SSL_CTX* init_server_ctx(const char *cipherlist);
+static SSL_CTX* init_server_ctx(const char *cipherlist, int mode);
 static int pid_file_handle;
@@ -194,7 +194,7 @@ static int open_listener(int port)
 }
 /* Init server and create context */
-static SSL_CTX* init_server_ctx(const char *cipherlist)
+static SSL_CTX* init_server_ctx(const char *cipherlist, int mode)
 {
 SSL_CTX *ctx;
 char ciphers[1024];
@@ -210,10 +210,7 @@ static SSL_CTX* init_server_ctx(const char *cipherlist)
 log(ERROR, "RMPS failed to start, shutting down...");
 exit(EXIT_FAILURE);
 }
- SSL_CTX_set_verify( ctx, SSL_VERIFY_PEER |
- SSL_VERIFY_CLIENT_ONCE |
- SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
- NULL);
+ SSL_CTX_set_verify(ctx, mode, NULL);
 ciphers[0] = 0;
 strcat(ciphers, "-ALL"); /* Disable any ciphers we have by default */
@@ -277,7 +274,10 @@ void launch_rmps(struct conf_table *conf, int fork_flag)
 * -nodes is for not protecing with a passphrase
 * http://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl
 */
- pool_args[0].ctx = init_server_ctx(conf->rmps.cipherlist);
+ pool_args[0].ctx = init_server_ctx(conf->rmps.cipherlist,
+ SSL_VERIFY_PEER |
+ SSL_VERIFY_CLIENT_ONCE |
+ SSL_VERIFY_FAIL_IF_NO_PEER_CERT);
 log(VERBOSE, "Loading agent certs and keys.");
 load_certificates(pool_args[0].ctx, conf->rmps.agent_tls_crt, conf->rmps.agent_tls_key, conf->rmps.cafile);
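Review bot: The new `mode` parameter on `static SSL_CTX* init_server_ctx(const char *cipherlist, int mode)` is undocumented, and the header comment `/* Init server and create context */` above it no longer tells a caller what the second argument controls. Since the value is handed verbatim to SSL_CTX_set_verify() in the next hunk, the comment should say so and spell out the security consequence of the permissive value: `/* Init server and create context. mode is passed verbatim to SSL_CTX_set_verify(); SSL_VERIFY_NONE means peers on this context are never asked for a certificate. */`. The body of init_server_ctx continues past the end of this hunk.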
@@ -287,7 +287,7 @@ void launch_rmps(struct conf_table *conf, int fork_flag)
 log(VERBOSE, "Creating agent thread pool (mutex).");
 pthread_create(&pool[0], NULL, agent_pool, &pool_args[0]);
- pool_args[1].ctx = init_server_ctx(conf->rmps.cipherlist);
+ pool_args[1].ctx = init_server_ctx(conf->rmps.cipherlist, SSL_VERIFY_NONE);
 log(VERBOSE, "Loading client certs and keys.");
 load_certificates(pool_args[1].ctx, conf->rmps.client_tls_crt, conf->rmps.client_tls_key, conf->rmps.cafile);
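Review bot: `pool_args[1].ctx = init_server_ctx(conf->rmps.cipherlist, SSL_VERIFY_NONE);` drops client-certificate authentication for the client-facing context: before this commit init_server_ctx unconditionally set SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT (see the removed lines in the earlier hunk), so any TLS client is now accepted at the transport layer without presenting a certificate, while the agent context keeps mutual TLS. If that is intended, the line deserves a comment recording where client authentication now happens, e.g. `/* Client connections are not authenticated by TLS client cert; callers must authenticate at the application layer. */`, and the mode would be better taken from conf->rmps than hard-coded, so the downgrade is an explicit deployment choice. Note that the following `load_certificates(pool_args[1].ctx, ..., conf->rmps.cafile)` still hands this context the CA file, which presumably no longer serves any verification purpose under SSL_VERIFY_NONE; worth confirming load_certificates does not rely on it. launch_rmps starts before and continues after this hunk.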