From: Fabian Keil <fk@fabiankeil.de>
Date: Thu, 27 Aug 2020 13:11:02 +0000 (+0200)
Subject: create_server_ssl_connection(): Add comment about optimization possibility
X-Git-Tag: v_3_0_34~140
X-Git-Url: http://www.privoxy.org/gitweb/%22https:/static/user-manual/documentation.html?a=commitdiff_plain;h=1547dac5126fa35db78b737af31f3c2044173881;p=privoxy.git

create_server_ssl_connection(): Add comment about optimization possibility
---

diff --git a/openssl.c b/openssl.c
index a57cb32e..685995f7 100644
--- a/openssl.c
+++ b/openssl.c
@@ -1155,6 +1155,11 @@ extern int create_server_ssl_connection(struct client_state *csp)
       goto exit;
    }
 
+   /*
+    * XXX: Do we really have to do this always?
+    *      Probably it's sufficient to do if the verification fails
+    *      in which case we're sending the certificates to the client.
+    */
    chain = SSL_get_peer_cert_chain(ssl);
    if (chain)
    {