From 07e1a03151db49e69f3ee584eb7f9390b30e6459 Mon Sep 17 00:00:00 2001
From: "Jean-Marc Pigeon (Delson)"
Date: Mon, 5 May 2025 06:38:44 -0400
Subject: [PATCH] Able to veerify peer certificate via conf file

---
 lib/unitls.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/lib/unitls.c b/lib/unitls.c
index a2ad0e3..a7a954a 100644
--- a/lib/unitls.c
+++ b/lib/unitls.c
@@ -160,6 +160,7 @@ static int set_crypting(TLSTYP *tls)
 #define OPEP "unitls.c:set_crypting"
 static const char *cenv[]={"CA_KEY","CA_CERT","CA_ROOT"};
+static const char *envver="CA_VERIFY";
 int done;
 const char *certs[sizeof(cenv)/sizeof(char *)];
@@ -172,17 +173,12 @@ done=false;
 tls_methode=TLS_client_method;
 if (tls->server==true) tls_methode=TLS_server_method;
-phase=0;
 mode=SSL_VERIFY_NONE;
-//mode=SSL_VERIFY_PEER; //to have both end check peer certificate
 phase=0;
 proceed=true;
 while (proceed==true) {
 switch (phase) {
 case 0 : //loading certificate names
- certs[0]=getenv("CA_KEY");
- certs[1]=getenv("CA_CERT");
- certs[2]=getenv("CA_ROOT");
 for (int i=0;i<(sizeof(cenv)/sizeof(char *));i++) {
 certs[i]=getenv(cenv[i]);
 if (certs[i]==(char *)0) {
@@ -191,6 +187,11 @@ while (proceed==true) {
 phase=999; //missing certificate info.
 }
 }
+ if (getenv(envver)!=(char *)0) { //env value can be missing
+ if (atoi(getenv(envver))!=0) {
+ mode=SSL_VERIFY_PEER; //to make sure peer certificate is OK
+ }
+ }
 break;
 case 1 : //pre-configure SSL
 (void) SSL_library_init();
-- 
2.47.3
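Review bot: In the third hunk, `atoi(getenv(envver))` maps any non-numeric value such as `yes`, `true` or `on` to 0, so a mistyped CA_VERIFY leaves `mode` at SSL_VERIFY_NONE with no error; since this variable is the only thing that switches certificate checking on, an unparsable value should be treated as a configuration error rather than a silent fall-back to no verification. The variable is also fetched twice; read it once, parse it with `strtol`, and route a bad value to the same `phase=999` path the loop above already uses for a missing certificate name. Separately, the comment `//to make sure peer certificate is OK` overstates what `SSL_VERIFY_PEER` does when `tls->server==true`: OpenSSL only rejects a client that presents no certificate if `SSL_VERIFY_FAIL_IF_NO_PEER_CERT` is OR'ed into the mode, so if the server side is meant to require a client certificate that flag needs adding where `mode` is applied, which is presumably outside this hunk. set_crypting begins and ends outside the hunk.
```c
		/* … unchanged: loop loading certificate names from cenv[] … */
		const char *verify=getenv(envver); //env value can legitimately be missing
		if (verify!=(char *)0) {
			char *end;
			long want=strtol(verify,&end,10);
			if (end==verify || *end!='\0') {
				phase=999; //unparsable CA_VERIFY: refuse rather than silently skip verification
			} else if (want!=0) {
				mode=SSL_VERIFY_PEER; //client: check server chain; server: request client certificate
			}
		}
		break;
```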