openssl_adapter: document SSL_CTX_set_verify_depth behaviour

Document the reason for the depth setting in the code.

BUG=None

Change-Id: Ia761833ff1cc6fb6cc2768d408e26fe87ded57ac
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/222605
Reviewed-by: Taylor Brandstetter <deadbeef@webrtc.org>
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Commit-Queue: Harald Alvestrand <hta@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#34336}
Philipp Hancke 2021-06-16 10:26:56 +02:00 committed by WebRTC LUCI CQ
parent fbe995874f
commit ae278d47da


@ -981,6 +981,9 @@ SSL_CTX* OpenSSLAdapter::CreateContext(SSLMode mode, bool enable_cache) {
SSL_CTX_set_custom_verify(ctx, SSL_VERIFY_PEER, SSLVerifyCallback); SSL_CTX_set_custom_verify(ctx, SSL_VERIFY_PEER, SSLVerifyCallback);
#else #else
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, SSLVerifyCallback); SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, SSLVerifyCallback);
// Verify certificate chains up to a depth of 4. This is not
// needed for DTLS-SRTP which uses self-signed certificates
// (so the depth is 0) but is required to support TURN/TLS.
SSL_CTX_set_verify_depth(ctx, 4); SSL_CTX_set_verify_depth(ctx, 4);
#endif #endif
// Use defaults, but disable HMAC-SHA256 and HMAC-SHA384 ciphers // Use defaults, but disable HMAC-SHA256 and HMAC-SHA384 ciphers
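Review bot: the new comment above `SSL_CTX_set_verify_depth(ctx, 4);` says which use case needs chain verification (TURN/TLS) but not why the limit is 4 or how that number is counted. Please state whether 4 is meant as the number of intermediate CA certificates or the total chain length, and where the value comes from, so a later reader can tell whether a TURN server with a longer chain is expected to fail verification. The comment and the depth call also sit only in the `#else` branch; a short remark on whether the `SSL_CTX_set_custom_verify` path applies an equivalent limit in `SSLVerifyCallback` would make the two branches comparable.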