create_server_ssl_connection(): Add comment about optimization possibility

diff --git a/openssl.c b/openssl.c
index a57cb32..685995f 100644 (file)
--- a/openssl.c
+++ b/openssl.c
@@ -1155,6 +1155,11 @@ extern int create_server_ssl_connection(struct client_state *csp)
       goto exit;
    }
 
       goto exit;
    }
 

+   /*
+    * XXX: Do we really have to do this always?
+    *      Probably it's sufficient to do if the verification fails
+    *      in which case we're sending the certificates to the client.
+    */

    chain = SSL_get_peer_cert_chain(ssl);
    if (chain)
    {
    chain = SSL_get_peer_cert_chain(ssl);
    if (chain)
    {