Make auth_mode=required the default in ssl_client2

commit: 516eb623df23607d807aac112fdabf498e2af2a8 [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Tue Mar 11 11:10:27 2014 +0100
committer: Paul Bakker <p.j.bakker@polarssl.org> Tue Jul 08 11:13:15 2014 +0200
tree: eec6fa6f993270d37ff5a83d081e040234c107a4
parent: 8a56d3044d123f517d4cebbbadd62f320d39df1e [diff] [blame]
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index a902376..eefb099 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c

@@ -157,6 +157,8 @@
     printf( " ok\n" );
 
     ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
+    /* OPTIONAL is not optimal for security,
+     * but makes interop easier in this simplified example */
     ssl_set_authmode( &ssl, SSL_VERIFY_OPTIONAL );
     ssl_set_ca_chain( &ssl, &cacert, NULL, "PolarSSL Server 1" );
 
@@ -187,6 +189,7 @@
      */
     printf( "  . Verifying peer X.509 certificate..." );
 
+    /* In real life, we may want to bail out when ret != 0 */
     if( ( ret = ssl_get_verify_result( &ssl ) ) != 0 )
     {
         printf( " failed\n" );
commit	516eb623df23607d807aac112fdabf498e2af2a8	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Tue Mar 11 11:10:27 2014 +0100
committer	Paul Bakker <p.j.bakker@polarssl.org>	Tue Jul 08 11:13:15 2014 +0200
tree	eec6fa6f993270d37ff5a83d081e040234c107a4
parent	8a56d3044d123f517d4cebbbadd62f320d39df1e [diff] [blame]