Always verify peer certificate in lws.

Behavior is defined by SSL flags passed via the context. Simplified port of the patch submitted and accepted in lws master branch (PR 1215)
author: Fabio Alessandrelli <fabio.alessandrelli@gmail.com> 2018-03-28 15:36:44 +0200
committer: Fabio Alessandrelli <fabio.alessandrelli@gmail.com> 2018-04-03 19:25:24 +0200
commit: 629783f3aaf9d6b489fe86c2057fb93f54fb5388 (patch)
tree: 0fdfe5275f40d262e2a8b932af9c73b841d7b493 /thirdparty/lws/client
parent: 13185681ff08d13bd2541ab0013b4501d73cfd00 (diff)
1 files changed, 1 insertions, 5 deletions
diff --git a/thirdparty/lws/client/ssl-client.c b/thirdparty/lws/client/ssl-client.c
index 6626e08448..962c6e3cb5 100644
--- a/thirdparty/lws/client/ssl-client.c
+++ b/thirdparty/lws/client/ssl-client.c
@@ -176,11 +176,7 @@ lws_ssl_client_bio_create(struct lws *wsi)
 #endif
 #else
 #if defined(LWS_WITH_MBEDTLS)
-	if (wsi->vhost->x509_client_CA)
-		SSL_set_verify(wsi->ssl, SSL_VERIFY_PEER, OpenSSL_client_verify_callback);
-	else
-		SSL_set_verify(wsi->ssl, SSL_VERIFY_NONE, OpenSSL_client_verify_callback);
-
+	SSL_set_verify(wsi->ssl, SSL_VERIFY_PEER, OpenSSL_client_verify_callback);
 #else
 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
 	SSL_set_tlsext_host_name(wsi->ssl, hostname);
author	Fabio Alessandrelli <fabio.alessandrelli@gmail.com>	2018-03-28 15:36:44 +0200
committer	Fabio Alessandrelli <fabio.alessandrelli@gmail.com>	2018-04-03 19:25:24 +0200
commit	629783f3aaf9d6b489fe86c2057fb93f54fb5388 (patch)
tree	0fdfe5275f40d262e2a8b932af9c73b841d7b493 /thirdparty/lws/client
parent	13185681ff08d13bd2541ab0013b4501d73cfd00 (diff)