Diffstat (limited to 'cpp')
-rw-r--r-- | cpp/src/Glacier/GlacierRouter.cpp | 28 |
1 files changed, 12 insertions, 16 deletions
diff --git a/cpp/src/Glacier/GlacierRouter.cpp b/cpp/src/Glacier/GlacierRouter.cpp
index 18b20dfed19..142c9ab8cda 100644
--- a/cpp/src/Glacier/GlacierRouter.cpp
+++ b/cpp/src/Glacier/GlacierRouter.cpp
@@ -128,31 +128,27 @@ Glacier::Router::run(int argc, char* argv[]) // Only do this if we've been configured for SSL if (!clientConfig.empty() && !serverConfig.empty()) { - string clientPrivKey = properties->getProperty("Ice.SSL.Client.Overrides.RSA.PrivateKey"); - string clientPubKey = properties->getProperty("Ice.SSL.Client.Overrides.RSA.Certificate"); - string serverPrivKey = properties->getProperty("Ice.SSL.Server.Overrides.RSA.PrivateKey"); - string serverPubKey = properties->getProperty("Ice.SSL.Server.Overrides.RSA.Certificate"); - IceSSL::ContextType contextType = IceSSL::ClientServer; - // Get our SSL System and an instance of the SSL Extension itself + // Get our SSL System IceSSL::SystemPtr sslSystem = communicator()->getSslSystem(); - IceSSL::SslExtensionPtr sslExtension = communicator()->getSslExtension(); // The system must configure itself (using config files as specified) sslSystem->configure(contextType); - // Set the keys we will be using. - sslSystem->setRSAKeysBase64(IceSSL::Client, clientPrivKey, clientPubKey); - sslSystem->setRSAKeysBase64(IceSSL::Server, serverPrivKey, serverPubKey); - - // Install a Certificate Verifier that only accepts the client's certificate. + // If we have been told only to only accept a single certificate. string clientCertBase64 = properties->getProperty("Glacier.Router.AcceptCert"); - Ice::ByteSeq clientCert = IceUtil::Base64::decode(clientCertBase64); - sslSystem->setCertificateVerifier(contextType, sslExtension->getSingleCertVerifier(clientCert)); + if (!clientCertBase64.empty()) + { + // Get an instance of the SSL Extension itself + IceSSL::SslExtensionPtr sslExtension = communicator()->getSslExtension(); + // Install a Certificate Verifier that only accepts indicated certificate. + Ice::ByteSeq clientCert = IceUtil::Base64::decode(clientCertBase64); + sslSystem->setCertificateVerifier(contextType, sslExtension->getSingleCertVerifier(clientCert)); - // Add the Client's certificate as a trusted certificate. 
- sslSystem->addTrustedCertificateBase64(contextType, clientCertBase64); + // Add the Client's certificate as a trusted certificate. + sslSystem->addTrustedCertificateBase64(contextType, clientCertBase64); + } } // |
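Review bot: When `Glacier.Router.AcceptCert` is empty, the new `if (!clientCertBase64.empty())` branch silently skips both the single-certificate verifier and the trusted-certificate registration. A missing or misspelled property therefore drops the pinning the router applied unconditionally before, with no trace in the logs. What is accepted in that case depends on the SSL configuration files, which are not visible here. The unpinned path should be made explicit with an else branch such as `else { communicator()->getLogger()->warning("Glacier.Router.AcceptCert is not set; no single-certificate verifier installed"); }`. The comment `// If we have been told only to only accept a single certificate.` should also state that an unset property means no pinning; the body of `run` continues outside this hunk.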