Index: runtime/bin/secure_socket.cc |
diff --git a/runtime/bin/secure_socket.cc b/runtime/bin/secure_socket.cc |
index 8f27ef93a69ae79a2585c05168ccc78abebd221d..12805872fbf3d75f96b8f37b8a1f0c5369cbf429 100644 |
--- a/runtime/bin/secure_socket.cc |
+++ b/runtime/bin/secure_socket.cc |
@@ -872,7 +872,11 @@ void SSLFilter::Connect(const char* hostname, |
SSL_set_mode(ssl_, SSL_MODE_AUTO_RETRY); // TODO(whesse): Is this right? |
SSL_set_ex_data(ssl_, filter_ssl_index, this); |
- if (!is_server_) { |
+ if (is_server_) { |
+ // Do not request a client certificate. |
+ // TODO(24069): Allow server to request a client certificate, when desired. |
+ SSL_set_verify(ssl_, SSL_VERIFY_NONE, NULL); |
+ } else { |
SetAlpnProtocolList(protocols_handle, ssl_, NULL, false); |
// Sets the hostname in the certificate-checking object, so it is checked |
// against the certificate presented by the server. |
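Review bot: The new server branch in SSLFilter::Connect calls `SSL_set_verify(ssl_, SSL_VERIFY_NONE, NULL)` on the per-connection object, which replaces whatever verify mode that object inherited from its context, and the added comment does not say so. If a caller had configured the context to require client certificates (not visible in this hunk), server connections would complete with an unauthenticated peer and no error. I would spell out the consequence in the comment, e.g. `// Overrides the context's verify mode: clients are not authenticated at the TLS layer until 24069 is resolved.` Connect's body starts and ends outside this hunk, so whether the client branch sets its own verify mode cannot be checked here.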
@@ -884,6 +888,7 @@ void SSLFilter::Connect(const char* hostname, |
// TODO(24186) free hostname_ if it is not freed when SSL is destroyed. |
// otherwise, make it a local variable, not a instance field. |
} |
+ // Make the connection: |
if (is_server_) { |
status = SSL_accept(ssl_); |
if (SSL_LOG_STATUS) Log::Print("SSL_accept status: %d\n", status); |