axtls_connect: allow connect without peer verification

The SSL_SERVER_VERIFY_LATER bit in the ssl_ctx_new() call allows the
code to verify the peer certificate explicitly after the handshake and
then the "data->set.ssl.verifypeer" option works.

diff --git a/lib/axtls.c b/lib/axtls.c
index 855b554b43893023436d95fa9d9185a765e1a898..152de6f2cc48cc4bea2ba94f46514686ce8e8503 100644 (file)
--- a/lib/axtls.c
+++ b/lib/axtls.c
@@ -156,7 +156,7 @@ Curl_axtls_connect(struct connectdata *conn,
   const char *x509;
 
   /* Assuming users will not compile in custom key/cert to axTLS */
-  uint32_t client_option = SSL_NO_DEFAULT_KEY;
+  uint32_t client_option = SSL_NO_DEFAULT_KEY|SSL_SERVER_VERIFY_LATER;
 
   if(conn->ssl[sockindex].state == ssl_connection_complete)
     /* to make us tolerant against being called more than once for the