Able to veerify peer certificate via conf file

diff --git a/lib/unitls.c b/lib/unitls.c
index a2ad0e3f5fc8d11449d5383f72bdcc833228b60e..a7a954ab5c9a6e650d397de21d6f96bf30f5b494 100644 (file)
--- a/lib/unitls.c
+++ b/lib/unitls.c
@@ -160,6 +160,7 @@ static int set_crypting(TLSTYP *tls)
 #define OPEP    "unitls.c:set_crypting"
 
 static const char *cenv[]={"CA_KEY","CA_CERT","CA_ROOT"};
+static const char *envver="CA_VERIFY";
 
 int done;
 const char *certs[sizeof(cenv)/sizeof(char *)];
@@ -172,17 +173,12 @@ done=false;
 tls_methode=TLS_client_method;
 if (tls->server==true)
   tls_methode=TLS_server_method;
-phase=0;
 mode=SSL_VERIFY_NONE;
-//mode=SSL_VERIFY_PEER; //to have both end check peer certificate
 phase=0;
 proceed=true;
 while (proceed==true) {
   switch (phase) {
     case 0      :       //loading certificate names
-      certs[0]=getenv("CA_KEY");
-      certs[1]=getenv("CA_CERT");
-      certs[2]=getenv("CA_ROOT");
       for (int i=0;i<(sizeof(cenv)/sizeof(char *));i++) {
         certs[i]=getenv(cenv[i]);
         if (certs[i]==(char *)0) {
@@ -191,6 +187,11 @@ while (proceed==true) {
           phase=999;    //missing  certificate info.
           }
         }
+      if (getenv(envver)!=(char *)0) {  //env value can be missing
+        if (atoi(getenv(envver))!=0) {
+          mode=SSL_VERIFY_PEER; //to make sure peer certificate is OK
+          }
+        }
       break;
     case 1      :       //pre-configure SSL
       (void) SSL_library_init();