[PATCH ustream-ssl 09/12] ustream-mbedtls: implement set_require_validation
Petr Štetiar
ynezz at true.cz
Thu Dec 10 10:41:31 EST 2020
In commit "ustream-openssl: wolfSSL: fix certificate validation" we've
added new set_require_validation() function so implement it for mbed TLS
as well.
Signed-off-by: Petr Štetiar <ynezz at true.cz>
---
ustream-mbedtls.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/ustream-mbedtls.c b/ustream-mbedtls.c
index 3424743c6452..1bea9832617f 100644
--- a/ustream-mbedtls.c
+++ b/ustream-mbedtls.c
@@ -290,6 +290,18 @@ __hidden int __ustream_ssl_set_ciphers(struct ustream_ssl_ctx *ctx, const char *
return 0;
}
+__hidden int __ustream_ssl_set_require_validation(struct ustream_ssl_ctx *ctx, bool require)
+{
+ int mode = MBEDTLS_SSL_VERIFY_OPTIONAL;
+
+ if (!require)
+ mode = MBEDTLS_SSL_VERIFY_NONE;
+
+ mbedtls_ssl_conf_authmode(&ctx->conf, mode);
+
+ return 0;
+}
+
__hidden void __ustream_ssl_context_free(struct ustream_ssl_ctx *ctx)
{
#if defined(MBEDTLS_SSL_CACHE_C)
More information about the openwrt-devel
mailing list