Don't ask for client cert when require_certificate is false.
This commit is contained in:
parent
ac00949793
commit
43556537e3
@ -43,6 +43,9 @@ Broker:
|
||||
- Add support for use_username_as_clientid which can be used with
|
||||
authentication to restrict ownership of client ids and hence prevent one
|
||||
client disconnecting another by using the same client id.
|
||||
- When "require_certificate" was false, the broker was incorrectly asking for
|
||||
a certificate (but not checking it). This caused problems with some clients
|
||||
and has been fixed so the broker no longer asks.
|
||||
|
||||
Clients:
|
||||
- Both clients can now load default configuration options from a file.
|
||||
|
@ -425,7 +425,7 @@ int mqtt3_socket_listen(struct _mqtt3_listener *listener)
|
||||
if(listener->require_certificate){
|
||||
SSL_CTX_set_verify(listener->ssl_ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, client_certificate_verify);
|
||||
}else{
|
||||
SSL_CTX_set_verify(listener->ssl_ctx, SSL_VERIFY_PEER, client_certificate_verify);
|
||||
SSL_CTX_set_verify(listener->ssl_ctx, SSL_VERIFY_NONE, client_certificate_verify);
|
||||
}
|
||||
rc = SSL_CTX_use_certificate_chain_file(listener->ssl_ctx, listener->certfile);
|
||||
if(rc != 1){
|
||||
|
Loading…
Reference in New Issue
Block a user