diff options
Diffstat (limited to 'cpp/src')
| -rw-r--r-- | cpp/src/IceSSL/SecureTransportEngine.cpp | 7 | ||||
| -rw-r--r-- | cpp/src/IceSSL/SecureTransportTransceiverI.cpp | 7 |
2 files changed, 14 insertions, 0 deletions
diff --git a/cpp/src/IceSSL/SecureTransportEngine.cpp b/cpp/src/IceSSL/SecureTransportEngine.cpp index 7a4d16d7c5e..743347feb67 100644 --- a/cpp/src/IceSSL/SecureTransportEngine.cpp +++ b/cpp/src/IceSSL/SecureTransportEngine.cpp @@ -1499,5 +1499,12 @@ IceSSL::SecureTransportEngine::parseCiphers(const string& ciphers) } } _ciphers = enabled; + + if(_ciphers.empty()) + { + throw PluginInitializationException(__FILE__, __LINE__, + "IceSSL: invalid value for IceSSL.Ciphers:\n" + ciphers + + "\nThe result cipher list does not contain any entries"); + } } #endif diff --git a/cpp/src/IceSSL/SecureTransportTransceiverI.cpp b/cpp/src/IceSSL/SecureTransportTransceiverI.cpp index 38f9e4cc70a..a8f491db570 100644 --- a/cpp/src/IceSSL/SecureTransportTransceiverI.cpp +++ b/cpp/src/IceSSL/SecureTransportTransceiverI.cpp @@ -224,6 +224,13 @@ IceSSL::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal::B { assert(!_trust); err = SSLCopyPeerTrust(_ssl, &_trust); + if(_incoming && err == errSSLBadCert && _engine->getVerifyPeer() == 1) + { + // This happens in 10.10 when the client doesn't provide + // a certificate and the server is configured to try + // authenticate + continue; + } if(err == noErr) { checkTrustResult(_trust, _engine, _instance); |