@@ -144,14 +144,15 @@ __ustream_ssl_context_new(bool server)
mbedtls_ssl_config_defaults(conf, ep, MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT);
- mbedtls_ssl_conf_authmode(conf, MBEDTLS_SSL_VERIFY_NONE);
mbedtls_ssl_conf_rng(conf, _urandom, NULL);
if (server) {
+ mbedtls_ssl_conf_authmode(conf, MBEDTLS_SSL_VERIFY_NONE);
mbedtls_ssl_conf_ciphersuites(conf, default_ciphersuites_server);
mbedtls_ssl_conf_min_version(conf, MBEDTLS_SSL_MAJOR_VERSION_3,
MBEDTLS_SSL_MINOR_VERSION_3);
} else
+ mbedtls_ssl_conf_authmode(conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
mbedtls_ssl_conf_ciphersuites(conf, default_ciphersuites_client);
#if defined(MBEDTLS_SSL_CACHE_C)
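Review bot: The `else` closing the server branch has no braces, so the added `mbedtls_ssl_conf_authmode(conf, MBEDTLS_SSL_VERIFY_OPTIONAL);` becomes its only statement. The following `mbedtls_ssl_conf_ciphersuites(conf, default_ciphersuites_client);` then runs for servers too, replacing the list set from `default_ciphersuites_server` a few lines earlier. Brace the branch: `} else {` before the authmode call and a closing `}` after the client ciphersuites call. Separately, `MBEDTLS_SSL_VERIFY_OPTIONAL` lets the handshake complete even when certificate verification fails, so clients are only protected if code outside this hunk checks `mbedtls_ssl_get_verify_result()`; a one-line comment stating that would help. The function body starts before and continues past the hunk.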
@@ -189,7 +190,6 @@ __hidden int __ustream_ssl_add_ca_crt_file(struct ustream_ssl_ctx *ctx, const ch
return -1;
mbedtls_ssl_conf_ca_chain(&ctx->conf, &ctx->ca_cert, NULL);
- mbedtls_ssl_conf_authmode(&ctx->conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
return 0;
}