Don't verify server certificate if we're using PSK.

[radsecproxy.git] / lib / event.c

diff --git a/lib/event.c b/lib/event.c
index 3ebc5a7..78a9156 100644 (file)
--- a/lib/event.c
+++ b/lib/event.c
@@ -246,8 +246,9 @@ event_on_connect (struct rs_connection *conn, struct rs_packet *pkt)
   assert (!conn->is_connecting);
 
 #if defined (RS_ENABLE_TLS)
-  if (conn->realm->type == RS_CONN_TYPE_TLS
-      || conn->realm->type == RS_CONN_TYPE_DTLS)
+  if ((conn->realm->type == RS_CONN_TYPE_TLS
+       || conn->realm->type == RS_CONN_TYPE_DTLS)
+      && conn->realm->transport_cred->type != RS_CRED_TLS_PSK)
     if (tls_verify_cert (conn) != RSE_OK)
       {
         rs_debug (("%s: server cert verification failed\n", __func__));