Function esp_idf_svc::sys::mbedtls_ssl_conf_authmode
source · pub unsafe extern "C" fn mbedtls_ssl_conf_authmode(
conf: *mut mbedtls_ssl_config,
authmode: i32,
)
Expand description
\brief Set the certificate verification mode Default: NONE on server, REQUIRED on client
\param conf SSL configuration \param authmode can be:
MBEDTLS_SSL_VERIFY_NONE: peer certificate is not checked (default on server) (insecure on client)
MBEDTLS_SSL_VERIFY_OPTIONAL: peer certificate is checked, however the handshake continues even if verification failed; mbedtls_ssl_get_verify_result() can be called after the handshake is complete.
MBEDTLS_SSL_VERIFY_REQUIRED: peer must present a valid certificate, handshake is aborted if verification failed. (default on client)
\note On client, MBEDTLS_SSL_VERIFY_REQUIRED is the recommended mode. With MBEDTLS_SSL_VERIFY_OPTIONAL, the user needs to call mbedtls_ssl_get_verify_result() at the right time(s), which may not be obvious, while REQUIRED always perform the verification as soon as possible. For example, REQUIRED was protecting against the “triple handshake” attack even before it was found.