MXS-2786: Require certificates when verifying peers

When peer verification is enabled, clients must present a certificate.
2019-12-03 10:14:16 +02:00
parent 255071efce
commit 9e9abbe8be
1 changed files with 1 additions and 1 deletions
--- a/server/core/listener.cc
+++ b/server/core/listener.cc
@ -414,7 +414,7 @@ bool SSL_LISTENER_init(SSL_LISTENER* ssl)
    /* Set to require peer (client) certificate verification */
    if (ssl->ssl_verify_peer_certificate)
    {
-        SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
+        SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
    }

    /* Set the verification depth */