Skip to content

Commit b1f99b3

Browse files
alandekokalandekok
committed
one more patch
1 parent d8b9597 commit b1f99b3

1 file changed

Lines changed: 2 additions & 2 deletions

File tree

src/main/tls.c

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -524,12 +524,12 @@ tls_session_t *tls_new_client_session(TALLOC_CTX *ctx, fr_tls_server_conf_t *con
524524
* Always verify the peer, but only require a certificate
525525
* if we're doing certificate auth, and not PSK.
526526
*/
527-
verify_mode = SSL_VERIFY_PEER;
528527
if (!conf->psk_identity) {
529528
RDEBUG2("(TLS) Requiring Server certificate");
529+
verify_mode = SSL_VERIFY_PEER;
530530
verify_mode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
531+
SSL_set_verify(ssn->ssl, verify_mode, cbtls_verify);
531532
}
532-
SSL_set_verify(ssn->ssl, verify_mode, cbtls_verify);
533533

534534
SSL_set_ex_data(ssn->ssl, FR_TLS_EX_INDEX_CONF, (void *)conf);
535535
SSL_set_ex_data(ssn->ssl, FR_TLS_EX_INDEX_SSN, (void *)ssn);

0 commit comments

Comments
 (0)