From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 15 Dec 2010 10:11:20 +0000 (+0100)
Subject: axtls_connect: allow connect without peer verification
X-Git-Tag: curl-7_21_4~153
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c75a9fef592a412de707b45ea1a6f814cf65a23f;p=curl

axtls_connect: allow connect without peer verification

The SSL_SERVER_VERIFY_LATER bit in the ssl_ctx_new() call allows the
code to verify the peer certificate explicitly after the handshake and
then the "data->set.ssl.verifypeer" option works.
---

diff --git a/lib/axtls.c b/lib/axtls.c
index 855b554b4..152de6f2c 100644
--- a/lib/axtls.c
+++ b/lib/axtls.c
@@ -156,7 +156,7 @@ Curl_axtls_connect(struct connectdata *conn,
   const char *x509;
 
   /* Assuming users will not compile in custom key/cert to axTLS */
-  uint32_t client_option = SSL_NO_DEFAULT_KEY;
+  uint32_t client_option = SSL_NO_DEFAULT_KEY|SSL_SERVER_VERIFY_LATER;
 
   if(conn->ssl[sockindex].state == ssl_connection_complete)
     /* to make us tolerant against being called more than once for the