#define OPEP "unitls.c:set_crypting"
static const char *cenv[]={"CA_KEY","CA_CERT","CA_ROOT"};
+static const char *envver="CA_VERIFY";
int done;
const char *certs[sizeof(cenv)/sizeof(char *)];
tls_methode=TLS_client_method;
if (tls->server==true)
tls_methode=TLS_server_method;
-phase=0;
mode=SSL_VERIFY_NONE;
-//mode=SSL_VERIFY_PEER; //to have both end check peer certificate
phase=0;
proceed=true;
while (proceed==true) {
switch (phase) {
case 0 : //loading certificate names
- certs[0]=getenv("CA_KEY");
- certs[1]=getenv("CA_CERT");
- certs[2]=getenv("CA_ROOT");
for (int i=0;i<(sizeof(cenv)/sizeof(char *));i++) {
certs[i]=getenv(cenv[i]);
if (certs[i]==(char *)0) {
phase=999; //missing certificate info.
}
}
+ if (getenv(envver)!=(char *)0) { //env value can be missing
+ if (atoi(getenv(envver))!=0) {
+ mode=SSL_VERIFY_PEER; //to make sure peer certificate is OK
+ }
+ }
break;
case 1 : //pre-configure SSL
(void) SSL_library_init();
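Review bot: Peer verification fails open in the `case 0` block: `mode` stays `SSL_VERIFY_NONE` when `CA_VERIFY` is unset, and also when it holds a value `atoi()` cannot parse (`yes`, `true`), because `atoi()` returns 0 for those without reporting an error. With `SSL_VERIFY_NONE` a client carries on with the handshake whatever certificate the peer presents, so the safer shape is to verify by default and disable only on an explicit value: set `mode=SSL_VERIFY_PEER;` up front, read `ver=getenv(envver)` once, then `if ((ver!=(char *)0)&&(strcmp(ver,"0")==0)) mode=SSL_VERIFY_NONE;`. If the current default must stay, a log line saying that verification is off would at least make that state visible to an operator. On the `tls->server==true` path, `SSL_VERIFY_PEER` alone still admits a client that sends no certificate; if mutual authentication is intended, `SSL_VERIFY_FAIL_IF_NO_PEER_CERT` would have to be OR-ed into `mode`. The function starts before this hunk and continues past it, so how `mode` and `certs[2]` are applied to the SSL context is not visible here.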