- if (!preverify_ok && !conn->ca_cert_verify)
- preverify_ok = 1;
- if (!preverify_ok && depth > 0 && conn->server_cert_only)
+ if (!preverify_ok && !conn->ca_cert_verify) {
+ if (conn->validate_ca_cb) {
+ preverify_ok = conn->validate_ca_cb(preverify_ok, err_cert, conn->validate_ca_ctx);
+ wpa_printf(MSG_DEBUG, "TLS: tls_verify_cb: validate_ca_cb returned %d", preverify_ok);
+ }
+ else {
+ preverify_ok = 1;
+ wpa_printf(MSG_DEBUG, "TLS: tls_verify_cb: allowing cert because !conn->ca_cert_verify\n");
+ }
+ }
+ if (!preverify_ok && depth > 0 && conn->server_cert_only) {
+ wpa_printf(MSG_DEBUG, "TLS: tls_verify_cb: allowing cert because depth > 0 && conn->server_cert_only\n");