|
|
@@ -220,11 +220,11 @@ static int ssl_pm_reload_crt(SSL *ssl)
|
|
|
struct pkey_pm *pkey_pm = (struct pkey_pm *)ssl->cert->pkey->pkey_pm;
|
|
|
struct x509_pm *crt_pm = (struct x509_pm *)ssl->cert->x509->x509_pm;
|
|
|
|
|
|
- if (ssl->verify_mode == SSL_VERIFY_PEER)
|
|
|
+ if (ssl->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
|
|
|
mode = MBEDTLS_SSL_VERIFY_REQUIRED;
|
|
|
- else if (ssl->verify_mode == SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
|
|
|
+ else if (ssl->verify_mode & SSL_VERIFY_PEER)
|
|
|
mode = MBEDTLS_SSL_VERIFY_OPTIONAL;
|
|
|
- else if (ssl->verify_mode == SSL_VERIFY_CLIENT_ONCE)
|
|
|
+ else if (ssl->verify_mode & SSL_VERIFY_CLIENT_ONCE)
|
|
|
mode = MBEDTLS_SSL_VERIFY_UNSET;
|
|
|
else
|
|
|
mode = MBEDTLS_SSL_VERIFY_NONE;
|
Chris Morgan