EventMachine bug: ssl_verify_peer() not called on CA mismatch of cert and key.

em.ssl.bug.rb

require 'eventmachine'

class Handler < EventMachine::Connection

    def initialize( opts = {} )
        @role = opts[:role]

        @ssl_opts = opts[:ssl] || {}
        @ssl_opts[:verify_peer] = true
    end

    def post_init
        start_tls( @ssl_opts )
    end

    def receive_data( data )
        log 'Received: ' + data.to_s
    end

    def send_stuff( msg )
        log 'Sending: ' + msg.to_s
        send_data( msg )
    end

    def ssl_verify_peer( cert )
        log 'VERIFY'
        return true
    end

    def log( msg )
        puts @role.to_s + ': ' + msg
    end

end

server_opts = {
    :role => :server
}

client_opts = {
    :ssl => {
        :private_key_file => 'key.pem',
        # :private_key_file => 'foo-key.pem',
        :cert_chain_file  => 'cert.pem',
        # :cert_chain_file  => 'foo-cert.pem',
    },
    :role => :client
}

EM.run {
    EM.start_server( "127.0.0.1", 9999, Handler, server_opts )

    handler = EM.connect( "127.0.0.1", 9999, Handler, client_opts )
    handler.send_stuff( 'Hi' )
}

PEM files can be downloaded from: http://segfault.gr/em-ssl-bug-pems.tar.bz2