From 55c3fd89d50805b7bdd5bcee3a43986f983f20db Mon Sep 17 00:00:00 2001
From: =?utf8?q?Petr=20=C5=A0tetiar?= <ynezz@true.cz>
Date: Thu, 10 Dec 2020 12:21:33 +0100
Subject: [PATCH] ustream-mbedtls: implement set_require_validation
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

In commit "ustream-openssl: wolfSSL: fix certificate validation" we've
added new set_require_validation() function so implement it for mbed TLS
as well.

Signed-off-by: Petr Å tetiar <ynezz@true.cz>
---
 ustream-mbedtls.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/ustream-mbedtls.c b/ustream-mbedtls.c
index 3424743..1bea983 100644
--- a/ustream-mbedtls.c
+++ b/ustream-mbedtls.c
@@ -290,6 +290,18 @@ __hidden int __ustream_ssl_set_ciphers(struct ustream_ssl_ctx *ctx, const char *
 	return 0;
 }
 
+__hidden int __ustream_ssl_set_require_validation(struct ustream_ssl_ctx *ctx, bool require)
+{
+	int mode = MBEDTLS_SSL_VERIFY_OPTIONAL;
+
+	if (!require)
+		mode = MBEDTLS_SSL_VERIFY_NONE;
+
+	mbedtls_ssl_conf_authmode(&ctx->conf, mode);
+
+	return 0;
+}
+
 __hidden void __ustream_ssl_context_free(struct ustream_ssl_ctx *ctx)
 {
 #if defined(MBEDTLS_SSL_CACHE_C)
-- 
2.30.2