User should validate the server certificate, not the CA certificate

[mech_eap.git] / libeap / src / eap_peer / eap_tls_common.c

diff --git a/libeap/src/eap_peer/eap_tls_common.c b/libeap/src/eap_peer/eap_tls_common.c
index b1f9300..bc4482a 100644 (file)
--- a/libeap/src/eap_peer/eap_tls_common.c
+++ b/libeap/src/eap_peer/eap_tls_common.c
@@ -103,6 +103,8 @@ static void eap_tls_params_from_conf1(struct tls_connection_params *params,
        params->cert_id = config->cert_id;
        params->ca_cert_id = config->ca_cert_id;
        eap_tls_params_flags(params, config->phase1);
+    params->server_cert_cb = config->server_cert_cb;
+    params->server_cert_ctx = config->server_cert_ctx;
 }
 
 
@@ -126,6 +128,8 @@ static void eap_tls_params_from_conf2(struct tls_connection_params *params,
        params->cert_id = config->cert2_id;
        params->ca_cert_id = config->ca_cert2_id;
        eap_tls_params_flags(params, config->phase2);
+    params->server_cert_cb = config->server_cert_cb;
+    params->server_cert_ctx = config->server_cert_ctx;
 }