Make auth_mode=required the default in ssl_client2
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index a0e1cb6..8d1b060 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -156,6 +156,7 @@
*/
printf( " . Verifying peer X.509 certificate..." );
+ /* In real life, we may want to bail out when ret != 0 */
if( ( ret = ssl_get_verify_result( ssl ) ) != 0 )
{
printf( " failed\n" );
@@ -590,6 +591,8 @@
printf( " ok\n" );
ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
+ /* OPTIONAL is not optimal for security,
+ * but makes interop easier in this simplified example */
ssl_set_authmode( &ssl, SSL_VERIFY_OPTIONAL );
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
