sbuf: in varify-ca/full checking should not be optional

diff --git a/src/sbuf.c b/src/sbuf.c
index 7db688ac81e5d9ae67aa63ba67492907feb324a5..c754ad9501074697c097abb34c18ac1e095993c8 100644 (file)
--- a/src/sbuf.c
+++ b/src/sbuf.c
@@ -927,8 +927,10 @@ static void setup_tls(struct tls_config *conf, const char *pfx, int sslmode,
        } else {
                /* TLS server, check client? */
                if (sslmode == SSLMODE_VERIFY_FULL) {
-                       tls_config_verify_client_optional(conf);
+                       tls_config_verify_client(conf);
                } else if (sslmode == SSLMODE_VERIFY_CA) {
+                       tls_config_verify_client(conf);
+               } else {
                        tls_config_verify_client_optional(conf);
                }
        }