diff options
| author | x12xx12x <44411062+12xx12@users.noreply.github.com> | 2023-03-26 14:48:06 +0200 |
|---|---|---|
| committer | Mattes D <github@xoft.cz> | 2023-05-19 16:25:12 +0200 |
| commit | 800f1c0bc5bd4632bd0f246c756283cc47d31a34 (patch) | |
| tree | 9200f7d4bb2a4e3d91161468859c403f9933eae1 /src/mbedTLS++/SslConfig.cpp | |
| parent | Removed all Printf-family functions from StringUtils. (diff) | |
| download | cuberite-800f1c0bc5bd4632bd0f246c756283cc47d31a34.tar cuberite-800f1c0bc5bd4632bd0f246c756283cc47d31a34.tar.gz cuberite-800f1c0bc5bd4632bd0f246c756283cc47d31a34.tar.bz2 cuberite-800f1c0bc5bd4632bd0f246c756283cc47d31a34.tar.lz cuberite-800f1c0bc5bd4632bd0f246c756283cc47d31a34.tar.xz cuberite-800f1c0bc5bd4632bd0f246c756283cc47d31a34.tar.zst cuberite-800f1c0bc5bd4632bd0f246c756283cc47d31a34.zip | |
Diffstat (limited to 'src/mbedTLS++/SslConfig.cpp')
| -rw-r--r-- | src/mbedTLS++/SslConfig.cpp | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/src/mbedTLS++/SslConfig.cpp b/src/mbedTLS++/SslConfig.cpp index 8ea850c9f..054d63980 100644 --- a/src/mbedTLS++/SslConfig.cpp +++ b/src/mbedTLS++/SslConfig.cpp @@ -1,11 +1,11 @@ #include "Globals.h" -#include "SslConfig.h" -#include "EntropyContext.h" -#include "CtrDrbgContext.h" -#include "CryptoKey.h" -#include "X509Cert.h" +#include "mbedTLS++/SslConfig.h" + +#include "mbedTLS++/CryptoKey.h" +#include "mbedTLS++/EntropyContext.h" +#include "mbedTLS++/RootCA.h" // This allows us to debug SSL and certificate problems, but produce way too much output, @@ -225,7 +225,6 @@ void cSslConfig::SetCACerts(cX509CertPtr a_CACert) std::shared_ptr<cSslConfig> cSslConfig::MakeDefaultConfig(bool a_IsClient) { - // TODO: Default CA chain and SetAuthMode(eSslAuthMode::Required) auto Ret = std::make_shared<cSslConfig>(); Ret->InitDefaults(a_IsClient); @@ -236,7 +235,8 @@ std::shared_ptr<cSslConfig> cSslConfig::MakeDefaultConfig(bool a_IsClient) Ret->SetRng(std::move(CtrDrbg)); } - Ret->SetAuthMode(eSslAuthMode::None); // We cannot verify because we don't have a CA chain + Ret->SetAuthMode(eSslAuthMode::Required); + Ret->SetCACerts(GetCACerts()); #ifndef NDEBUG #ifdef ENABLE_SSL_DEBUG_MSG |