Change authmode default to Required on client

commit: fa44f20b9fd9fdffb55fa365a28ff15c34ca22cd [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Fri Mar 27 17:52:25 2015 +0100
committer: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Fri Mar 27 17:52:25 2015 +0100
tree: a8866e444295f44a18a6edba95ffc752a370e86b
parent: 606df8c1996b66407c5a899b5dca419491e9db97 [diff]
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 93ab15b..9259976 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c

@@ -86,7 +86,7 @@
 #define DFL_MIN_VERSION         SSL_MINOR_VERSION_1
 #define DFL_MAX_VERSION         -1
 #define DFL_ARC4                -1
-#define DFL_AUTH_MODE           SSL_VERIFY_REQUIRED
+#define DFL_AUTH_MODE           -1
 #define DFL_MFL_CODE            SSL_MAX_FRAG_LEN_NONE
 #define DFL_TRUNC_HMAC          -1
 #define DFL_RECSPLIT            -1
@@ -229,7 +229,7 @@
     "\n"                                                    \
     USAGE_DTLS                                              \
     "\n"                                                    \
-    "    auth_mode=%%s        default: \"required\"\n"      \
+    "    auth_mode=%%s        default: (library default: none)\n"      \
     "                        options: none, optional, required\n" \
     USAGE_IO                                                \
     "\n"                                                    \
@@ -249,7 +249,7 @@
     USAGE_ETM                                               \
     USAGE_RECSPLIT                                          \
     "\n"                                                    \
-    "    arc4=%%d             default: (library default)\n" \
+    "    arc4=%%d             default: (library default: 0)\n" \
     "    min_version=%%s      default: \"\" (ssl3)\n"       \
     "    max_version=%%s      default: \"\" (tls1_2)\n"     \
     "    force_version=%%s    default: \"\" (none)\n"       \
@@ -1074,7 +1074,8 @@
 #endif
 
     ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
-    ssl_set_authmode( &ssl, opt.auth_mode );
+    if( opt.auth_mode != DFL_AUTH_MODE )
+        ssl_set_authmode( &ssl, opt.auth_mode );
 
 #if defined(POLARSSL_SSL_PROTO_DTLS)
     if( ( ret = ssl_set_transport( &ssl, opt.transport ) ) != 0 )

diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 8a3010f..c2beec7 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c

@@ -102,7 +102,7 @@
 #define DFL_MIN_VERSION         SSL_MINOR_VERSION_1
 #define DFL_MAX_VERSION         -1
 #define DFL_ARC4                -1
-#define DFL_AUTH_MODE           SSL_VERIFY_OPTIONAL
+#define DFL_AUTH_MODE           -1
 #define DFL_MFL_CODE            SSL_MAX_FRAG_LEN_NONE
 #define DFL_TRUNC_HMAC          -1
 #define DFL_TICKETS             SSL_SESSION_TICKETS_ENABLED
@@ -296,7 +296,7 @@
     USAGE_ANTI_REPLAY                                       \
     USAGE_BADMAC_LIMIT                                      \
     "\n"                                                    \
-    "    auth_mode=%%s        default: \"optional\"\n"      \
+    "    auth_mode=%%s        default: (library default: required)\n"      \
     "                        options: none, optional, required\n" \
     USAGE_IO                                                \
     USAGE_SNI                                               \
@@ -315,7 +315,7 @@
     USAGE_EMS                                               \
     USAGE_ETM                                               \
     "\n"                                                    \
-    "    arc4=%%d             default: (library default)\n" \
+    "    arc4=%%d             default: (library default: 0)\n" \
     "    min_version=%%s      default: \"ssl3\"\n"          \
     "    max_version=%%s      default: \"tls1_2\"\n"        \
     "    force_version=%%s    default: \"\" (none)\n"       \
@@ -1524,7 +1524,8 @@
     }
 
     ssl_set_endpoint( &ssl, SSL_IS_SERVER );
-    ssl_set_authmode( &ssl, opt.auth_mode );
+    if( opt.auth_mode != DFL_AUTH_MODE )
+        ssl_set_authmode( &ssl, opt.auth_mode );
 
 #if defined(POLARSSL_SSL_PROTO_DTLS)
     if( ( ret = ssl_set_transport( &ssl, opt.transport ) ) != 0 )
commit	fa44f20b9fd9fdffb55fa365a28ff15c34ca22cd	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Fri Mar 27 17:52:25 2015 +0100
committer	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Fri Mar 27 17:52:25 2015 +0100
tree	a8866e444295f44a18a6edba95ffc752a370e86b
parent	606df8c1996b66407c5a899b5dca419491e9db97 [diff]