mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-30 00:00:16 +01:00
libwebsockets/lib/tls/mbedtls
Daniel Danzberger 4144c1e61b mbedtls-server: Fix broken client verification
This fixes clients being able to connect with a certificate that was not
signed by the configured CA when SSL_VERIFY_FAIL_IF_NO_PEER_CERT is set.

The issue only appeared when a client connects via IP address directly and
does not use a hostname.

When the hostname was used to connect, the SNI callback 'lws_mbedtls_sni_cb'
overwrote the invalid verify mode of
MBEDTLS_SSL_VERIFY_OPTIONAL with MBEDTLS_SSL_VERIFY_REQUIRED by
calling SSL_set_SSL_CTX.

Signed-off-by: Daniel Danzberger <daniel@dd-wrt.com>
2023-09-28 11:06:05 +01:00
wrapper mbedtls-server: Fix broken client verification 2023-09-28 11:06:05 +01:00
CMakeLists.txt cmake: mbedtls: extra CMAKE_REQUIRED_INCLUDES 2021-07-13 08:27:27 +01:00
lws-genaes.c tls: mbedtls-3 2021-07-13 13:22:50 +01:00
lws-gencrypto.c type comparisons: fixes 2021-01-05 10:56:38 +00:00
lws-genec.c cose: keys and signing + validation 2021-08-31 05:45:35 +01:00
lws-genhash.c tls: mbedtls-3 2021-07-13 13:22:50 +01:00
lws-genrsa.c cose: keys and signing + validation 2021-08-31 05:45:35 +01:00
mbedtls-client.c jit-trust: adapt for esp-idf pre v3 mbedtls 2022-03-15 10:28:09 +00:00
mbedtls-extensions.c mbedtls: v3.1 reverts privacy of mbedtls_net_context fd 2022-03-15 10:28:09 +00:00
mbedtls-server.c base64: improve sanity checking 2022-03-25 08:18:30 +00:00
mbedtls-session.c mbedtls: sessions: clean session on bail path 2021-07-13 08:27:20 +01:00
mbedtls-ssl.c tls: evolve handshake serialization into simultaneous_ssl_handshake_restriction 2021-10-05 07:40:17 +01:00
mbedtls-tls.c logs: introduce log_cx 2021-07-01 05:20:53 +01:00
mbedtls-x509.c mbedtls: v3.1 reverts privacy of mbedtls_net_context fd 2022-03-15 10:28:09 +00:00
private-lib-tls-mbedtls.h mbedtls: add AKID and SKID support 2021-06-22 15:55:29 +01:00