summaryrefslogtreecommitdiffstats
path: root/src/mbedTLS++/SslConfig.cpp
diff options
context:
space:
mode:
authorx12xx12x <44411062+12xx12@users.noreply.github.com>2023-03-26 14:48:06 +0200
committerMattes D <github@xoft.cz>2023-05-19 16:25:12 +0200
commit800f1c0bc5bd4632bd0f246c756283cc47d31a34 (patch)
tree9200f7d4bb2a4e3d91161468859c403f9933eae1 /src/mbedTLS++/SslConfig.cpp
parentRemoved all Printf-family functions from StringUtils. (diff)
downloadcuberite-800f1c0bc5bd4632bd0f246c756283cc47d31a34.tar
cuberite-800f1c0bc5bd4632bd0f246c756283cc47d31a34.tar.gz
cuberite-800f1c0bc5bd4632bd0f246c756283cc47d31a34.tar.bz2
cuberite-800f1c0bc5bd4632bd0f246c756283cc47d31a34.tar.lz
cuberite-800f1c0bc5bd4632bd0f246c756283cc47d31a34.tar.xz
cuberite-800f1c0bc5bd4632bd0f246c756283cc47d31a34.tar.zst
cuberite-800f1c0bc5bd4632bd0f246c756283cc47d31a34.zip
Diffstat (limited to 'src/mbedTLS++/SslConfig.cpp')
-rw-r--r--src/mbedTLS++/SslConfig.cpp14
1 files changed, 7 insertions, 7 deletions
diff --git a/src/mbedTLS++/SslConfig.cpp b/src/mbedTLS++/SslConfig.cpp
index 8ea850c9f..054d63980 100644
--- a/src/mbedTLS++/SslConfig.cpp
+++ b/src/mbedTLS++/SslConfig.cpp
@@ -1,11 +1,11 @@
#include "Globals.h"
-#include "SslConfig.h"
-#include "EntropyContext.h"
-#include "CtrDrbgContext.h"
-#include "CryptoKey.h"
-#include "X509Cert.h"
+#include "mbedTLS++/SslConfig.h"
+
+#include "mbedTLS++/CryptoKey.h"
+#include "mbedTLS++/EntropyContext.h"
+#include "mbedTLS++/RootCA.h"
// This allows us to debug SSL and certificate problems, but produce way too much output,
@@ -225,7 +225,6 @@ void cSslConfig::SetCACerts(cX509CertPtr a_CACert)
std::shared_ptr<cSslConfig> cSslConfig::MakeDefaultConfig(bool a_IsClient)
{
- // TODO: Default CA chain and SetAuthMode(eSslAuthMode::Required)
auto Ret = std::make_shared<cSslConfig>();
Ret->InitDefaults(a_IsClient);
@@ -236,7 +235,8 @@ std::shared_ptr<cSslConfig> cSslConfig::MakeDefaultConfig(bool a_IsClient)
Ret->SetRng(std::move(CtrDrbg));
}
- Ret->SetAuthMode(eSslAuthMode::None); // We cannot verify because we don't have a CA chain
+ Ret->SetAuthMode(eSslAuthMode::Required);
+ Ret->SetCACerts(GetCACerts());
#ifndef NDEBUG
#ifdef ENABLE_SSL_DEBUG_MSG