From 96d602ac84d856c26a9065bfccbe2b98237db271 Mon Sep 17 00:00:00 2001
From: Lee Clagett
Date: Sun, 17 Mar 2019 16:11:42 -0400
Subject: Add `verify_fail_if_no_cert` option for proper client authentication
Using `verify_peer` on server side requests a certificate from the client. If no certificate is provided, the server silently accepts the connection and rejects if the client sends an unexpected certificate. Adding `verify_fail_if_no_cert` has no affect on client and for server requires that the peer sends a certificate or fails the handshake. This is the desired behavior when the user specifies a fingerprint or CA file.
---
contrib/epee/src/net_ssl.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/contrib/epee/src/net_ssl.cpp b/contrib/epee/src/net_ssl.cpp
index 1d137219a..a87792fb8 100644
--- a/contrib/epee/src/net_ssl.cpp
+++ b/contrib/epee/src/net_ssl.cpp
@@ -330,7 +330,7 @@ bool ssl_options_t::handshake(boost::asio::ssl::stream