From e787d0855b51a47f10547d0346faa7fe6def5064 Mon Sep 17 00:00:00 2001
From: Jose <jose@zeroc.com>
Date: Tue, 21 Oct 2014 11:33:27 +0200
Subject: OS X 10.10 SSL configuration fixes

---
 cpp/src/IceSSL/SecureTransportEngine.cpp       | 7 +++++++
 cpp/src/IceSSL/SecureTransportTransceiverI.cpp | 7 +++++++
 2 files changed, 14 insertions(+)

(limited to 'cpp/src')

diff --git a/cpp/src/IceSSL/SecureTransportEngine.cpp b/cpp/src/IceSSL/SecureTransportEngine.cpp
index 7a4d16d7c5e..743347feb67 100644
--- a/cpp/src/IceSSL/SecureTransportEngine.cpp
+++ b/cpp/src/IceSSL/SecureTransportEngine.cpp
@@ -1499,5 +1499,12 @@ IceSSL::SecureTransportEngine::parseCiphers(const string& ciphers)
         }
     }
     _ciphers = enabled;
+
+    if(_ciphers.empty())
+    {
+        throw PluginInitializationException(__FILE__, __LINE__,
+                                            "IceSSL: invalid value for IceSSL.Ciphers:\n" + ciphers +
+                                            "\nThe result cipher list does not contain any entries");
+    }
 }
 #endif
diff --git a/cpp/src/IceSSL/SecureTransportTransceiverI.cpp b/cpp/src/IceSSL/SecureTransportTransceiverI.cpp
index 38f9e4cc70a..a8f491db570 100644
--- a/cpp/src/IceSSL/SecureTransportTransceiverI.cpp
+++ b/cpp/src/IceSSL/SecureTransportTransceiverI.cpp
@@ -224,6 +224,13 @@ IceSSL::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal::B
         {
             assert(!_trust);
             err = SSLCopyPeerTrust(_ssl, &_trust);
+            if(_incoming && err == errSSLBadCert && _engine->getVerifyPeer() == 1)
+            {
+                // This happens in 10.10 when the client doesn't provide
+                // a certificate and the server is configured to try
+                // authenticate
+                continue;
+            }
             if(err == noErr)
             {
                 checkTrustResult(_trust, _engine, _instance);
-- 
cgit v1.2.3