ssl_pm_reload_crt() - Fix verify_mode checking to match openssl documentation https...

author Chris Morgan <chmorgan@gmail.com>

Sat, 7 Jul 2018 19:54:47 +0000 (15:54 -0400)

committer Ivan Grokhotkov <ivan@espressif.com>

Mon, 9 Jul 2018 06:41:56 +0000 (14:41 +0800)
author Chris Morgan <chmorgan@gmail.com>
Sat, 7 Jul 2018 19:54:47 +0000 (15:54 -0400)
committer Ivan Grokhotkov <ivan@espressif.com>
Mon, 9 Jul 2018 06:41:56 +0000 (14:41 +0800)
diff --git a/components/openssl/platform/ssl_pm.c b/components/openssl/platform/ssl_pm.c

index cd9960da12991b0c3fc25d18c37a495257a01289..1448faa4ec1ca5fecebeec6989b8635e986f203d 100644 (file)
--- a/components/openssl/platform/ssl_pm.c
+++ b/components/openssl/platform/ssl_pm.c
@@ -220,11 +220,11 @@ static int ssl_pm_reload_crt(SSL *ssl)
      struct pkey_pm *pkey_pm = (struct pkey_pm *)ssl->cert->pkey->pkey_pm;
      struct x509_pm *crt_pm = (struct x509_pm *)ssl->cert->x509->x509_pm;
  
-    if (ssl->verify_mode == SSL_VERIFY_PEER)
+    if (ssl->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
          mode = MBEDTLS_SSL_VERIFY_REQUIRED;
-    else if (ssl->verify_mode == SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
+    else if (ssl->verify_mode & SSL_VERIFY_PEER)
          mode = MBEDTLS_SSL_VERIFY_OPTIONAL;
-    else if (ssl->verify_mode == SSL_VERIFY_CLIENT_ONCE)
+    else if (ssl->verify_mode & SSL_VERIFY_CLIENT_ONCE)
          mode = MBEDTLS_SSL_VERIFY_UNSET;
      else
          mode = MBEDTLS_SSL_VERIFY_NONE;
author	Chris Morgan <chmorgan@gmail.com>
	Sat, 7 Jul 2018 19:54:47 +0000 (15:54 -0400)
committer	Ivan Grokhotkov <ivan@espressif.com>
	Mon, 9 Jul 2018 06:41:56 +0000 (14:41 +0800)