From 82e5f6c24ffef1fdc6ef2a1df8be21e0bf27b715 Mon Sep 17 00:00:00 2001
From: Andrey Kleshchev <andreykproductengine@lindenlab.com>
Date: Wed, 4 Mar 2020 17:39:22 +0200
Subject: SL-12421 Viewer's certificate validation does not reject connections

---
 indra/llcorehttp/_httpoprequest.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'indra/llcorehttp')

diff --git a/indra/llcorehttp/_httpoprequest.cpp b/indra/llcorehttp/_httpoprequest.cpp
index 0f76ff23ea..6978b8d08b 100644
--- a/indra/llcorehttp/_httpoprequest.cpp
+++ b/indra/llcorehttp/_httpoprequest.cpp
@@ -1010,8 +1010,8 @@ CURLcode HttpOpRequest::curlSslCtxCallback(CURL *curl, void *sslctx, void *userd
 	if (op->mCallbackSSLVerify)
 	{
 		SSL_CTX * ctx = (SSL_CTX *)sslctx;
-		// disable any default verification for server certs
-		SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
+		// verification for ssl certs
+		SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
 		// set the verification callback.
 		SSL_CTX_set_cert_verify_callback(ctx, sslCertVerifyCallback, userdata);
 		// the calls are void
-- 
cgit v1.2.3