https://telecominfraproject.atlassian.net/browse/WIFI-7831

Signed-off-by: stephb9959 <[email protected]>
Telecominfraproject · Sep 13, 2023 · 32f0945 · 32f0945
1 parent bc8f714
commit 32f0945
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/src/framework/SubSystemServer.cpp b/src/framework/SubSystemServer.cpp
@@ -37,6 +37,7 @@ namespace OpenWifi {
 		P.cipherList = "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH";
 		P.dhUse2048Bits = true;
 		P.caLocation = cas_;
+        // P.securityLevel =
 
 		auto Context = Poco::AutoPtr<Poco::Net::Context>(
 			new Poco::Net::Context(Poco::Net::Context::TLS_SERVER_USE, P));
@@ -75,11 +76,12 @@ namespace OpenWifi {
 				L.fatal(fmt::format("Wrong Certificate({}) for Key({})", cert_file_, key_file_));
 			}
 
-            SSL_CTX_set_verify(SSLCtx, SSL_VERIFY_PEER, nullptr);
+            SSL_CTX_set_verify(SSLCtx, level_==Poco::Net::Context::VERIFY_NONE ? SSL_VERIFY_NONE : SSL_VERIFY_PEER, nullptr);
+
 			if (level_ == Poco::Net::Context::VERIFY_STRICT) {
 				SSL_CTX_set_client_CA_list(SSLCtx, SSL_load_client_CA_file(client_cas_.c_str()));
+                SSL_CTX_enable_ct(SSLCtx, SSL_CT_VALIDATION_STRICT);
 			}
-			SSL_CTX_enable_ct(SSLCtx, SSL_CT_VALIDATION_STRICT);
 			SSL_CTX_dane_enable(SSLCtx);
 
 			Context->enableSessionCache();