actually bother to verify certs!

2009-08-04 18:03:06 +01:00 · 2009-08-04 18:03:06 +01:00 · 855c7fe475
parent 2fd641ff80
commit 855c7fe475
2 changed files with 3 additions and 2 deletions
--- a/deps/amqp_client/Makefile
+++ b/deps/amqp_client/Makefile
@ -69,7 +69,7 @@ SSL := true
 ALL_SSL := { $(MAKE) test_ssl || OK_ALL=false; }
 ALL_SSL_COVERAGE := { $(MAKE) test_ssl_coverage || OK_ALL=false; }
 SSL_BROKER_ARGS := -rabbit ssl_listeners [{\\\"0.0.0.0\\\",5671}] \
-	-rabbit ssl_options [{cacertfile,\\\"$(SSL_CERTS_DIR)/testca/cacert.pem\\\"},{certfile,\\\"$(SSL_CERTS_DIR)/server/cert.pem\\\"},{keyfile,\\\"$(SSL_CERTS_DIR)/server/key.pem\\\"}] \
+	-rabbit ssl_options [{cacertfile,\\\"$(SSL_CERTS_DIR)/testca/cacert.pem\\\"},{certfile,\\\"$(SSL_CERTS_DIR)/server/cert.pem\\\"},{keyfile,\\\"$(SSL_CERTS_DIR)/server/key.pem\\\"},{verify,verify_peer},{fail_if_no_peer_cert,true}] \
 	-erlang_client_ssl_dir \"$(SSL_CERTS_DIR)\"
 else
 SSL := @echo No SSL_CERTS_DIR defined. && false
--- a/deps/amqp_client/test/ssl_client_SUITE.erl
+++ b/deps/amqp_client/test/ssl_client_SUITE.erl
@ -83,7 +83,8 @@ new_connection() ->
                                  [{cacertfile, CertsDir ++ "/testca/cacert.pem"},
                                   {certfile, CertsDir ++ "/client/cert.pem"},
                                   {keyfile, CertsDir ++ "/client/key.pem"},
-                                   {verify, verify_peer}]).
+                                   {verify, verify_peer},
+                                   {fail_if_no_peer_cert, true}]).

 test_coverage() ->
    rabbit_misc:enable_cover(),