1
0
Fork 0
mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-09 00:00:04 +01:00

verify_mode should match to auth_mode

SSL_VERIFY_PEER->MBEDTLS_SSL_VERIFY_REQUIRED
SSL_VERIFY_FAIL_IF_NO_PEER_CERT->MBEDTLS_SSL_VERIFY_OPTIONAL
This commit is contained in:
Jeongik Cha 2024-10-31 00:36:56 +09:00 committed by GitHub
parent 7cd240f30f
commit 90c04d12af
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

View file

@ -255,10 +255,10 @@ static int ssl_pm_reload_crt(SSL *ssl)
struct pkey_pm *pkey_pm = (struct pkey_pm *)ssl->cert->pkey->pkey_pm;
struct x509_pm *crt_pm = (struct x509_pm *)ssl->cert->x509->x509_pm;
if (ssl->verify_mode == SSL_VERIFY_PEER)
mode = MBEDTLS_SSL_VERIFY_OPTIONAL;
else if (ssl->verify_mode == SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
if ((ssl->verify_mode & SSL_VERIFY_PEER) > 0)
mode = MBEDTLS_SSL_VERIFY_REQUIRED;
else if ((ssl->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) > 0)
mode = MBEDTLS_SSL_VERIFY_OPTIONAL;
else if (ssl->verify_mode == SSL_VERIFY_CLIENT_ONCE)
mode = MBEDTLS_SSL_VERIFY_UNSET;
else