From c75a9fef592a412de707b45ea1a6f814cf65a23f Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 15 Dec 2010 11:11:20 +0100
Subject: axtls_connect: allow connect without peer verification

The SSL_SERVER_VERIFY_LATER bit in the ssl_ctx_new() call allows the
code to verify the peer certificate explicitly after the handshake and
then the "data->set.ssl.verifypeer" option works.
---
 lib/axtls.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib')

diff --git a/lib/axtls.c b/lib/axtls.c
index 855b554b4..152de6f2c 100644
--- a/lib/axtls.c
+++ b/lib/axtls.c
@@ -156,7 +156,7 @@ Curl_axtls_connect(struct connectdata *conn,
   const char *x509;
 
   /* Assuming users will not compile in custom key/cert to axTLS */
-  uint32_t client_option = SSL_NO_DEFAULT_KEY;
+  uint32_t client_option = SSL_NO_DEFAULT_KEY|SSL_SERVER_VERIFY_LATER;
 
   if(conn->ssl[sockindex].state == ssl_connection_complete)
     /* to make us tolerant against being called more than once for the
-- 
cgit v1.2.3