net: add TLS_PEER_VERIFY option to zephyr net platform

platform/net/zephyr/src/mender-net.c

@@ -33,6 +33,13 @@
 #include "mender-net.h"
 #include "mender-utils.h"
 
+/**
+ * @brief Default TLS_PEER_VERIFY option
+ */
+#ifndef CONFIG_MENDER_NET_TLS_PEER_VERIFY
+#define CONFIG_MENDER_NET_TLS_PEER_VERIFY (2)
+#endif /* CONFIG_MENDER_NET_TLS_PEER_VERIFY */
+
 mender_err_t
 mender_net_get_host_port_url(char *path, char *config_host, char **host, char **port, char **url) {
 
@@ -148,7 +155,7 @@ mender_net_connect(const char *host, const char *port, int *sock) {
         goto END;
     }
 
-    /* Set SOL_TLS option */
+    /* Set TLS_HOSTNAME option */
     if ((result = setsockopt(*sock, SOL_TLS, TLS_HOSTNAME, host, strlen(host))) < 0) {
         mender_log_error("Unable to set TLS_HOSTNAME option, result = %d", result);
         close(*sock);
@@ -157,6 +164,16 @@ mender_net_connect(const char *host, const char *port, int *sock) {
         goto END;
     }
 
+    /* Set TLS_PEER_VERIFY option */
+    int verify = CONFIG_MENDER_NET_TLS_PEER_VERIFY;
+    if ((result = setsockopt(*sock, SOL_TLS, TLS_PEER_VERIFY, &verify, sizeof(int))) < 0) {
+        mender_log_error("Unable to set TLS_PEER_VERIFY option, result = %d", result);
+        close(*sock);
+        *sock = -1;
+        ret   = MENDER_FAIL;
+        goto END;
+    }
+
 #endif /* CONFIG_NET_SOCKETS_SOCKOPT_TLS */
 
     /* Connect to the host */

zephyr/Kconfig

@@ -167,6 +167,13 @@ if MENDER_MCU_CLIENT
             help
                 A security tag that ROOT CA server credential will be referenced with, see tls_credential_add.
 
+        config MENDER_NET_TLS_PEER_VERIFY
+            int "TLS_PEER_VERIFY option"
+            range 0 2
+            default 2
+            help
+                Peer verification level for TLS connection.
+
         if MENDER_CLIENT_ADD_ON_TROUBLESHOOT
 
             config MENDER_WEBSOCKET_THREAD_STACK_SIZE