From 3e1633354afad06a4ccd60be22fd5e31abf9be3a Mon Sep 17 00:00:00 2001
From: Chris Morgan
Date: Sat, 7 Jul 2018 15:54:47 -0400
Subject: [PATCH] ssl_pm_reload_crt() - Fix verify_mode checking to match openssl documentation https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_verify.html Merges https://github.com/espressif/esp-idf/pull/2162
---
 components/openssl/platform/ssl_pm.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/components/openssl/platform/ssl_pm.c b/components/openssl/platform/ssl_pm.c
index cd9960da1..1448faa4e 100644
--- a/components/openssl/platform/ssl_pm.c
+++ b/components/openssl/platform/ssl_pm.c
@@ -220,11 +220,11 @@ static int ssl_pm_reload_crt(SSL *ssl)
 struct pkey_pm *pkey_pm = (struct pkey_pm *)ssl->cert->pkey->pkey_pm;
 struct x509_pm *crt_pm = (struct x509_pm *)ssl->cert->x509->x509_pm;
- if (ssl->verify_mode == SSL_VERIFY_PEER)
+ if (ssl->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
 mode = MBEDTLS_SSL_VERIFY_REQUIRED;
- else if (ssl->verify_mode == SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
+ else if (ssl->verify_mode & SSL_VERIFY_PEER)
 mode = MBEDTLS_SSL_VERIFY_OPTIONAL;
- else if (ssl->verify_mode == SSL_VERIFY_CLIENT_ONCE)
+ else if (ssl->verify_mode & SSL_VERIFY_CLIENT_ONCE)
 mode = MBEDTLS_SSL_VERIFY_UNSET;
 else
 mode = MBEDTLS_SSL_VERIFY_NONE;
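Review bot: The `else if (ssl->verify_mode & SSL_VERIFY_PEER)` branch now maps SSL_VERIFY_PEER on its own to MBEDTLS_SSL_VERIFY_OPTIONAL, and under that mbedTLS mode the handshake continues when certificate verification fails. The linked OpenSSL page says a client with SSL_VERIFY_PEER has the handshake terminated on a failed server-certificate check and that SSL_VERIFY_FAIL_IF_NO_PEER_CERT is ignored in client mode, so a client that sets only SSL_VERIFY_PEER would lose enforcement unless the caller inspects the verify result itself. If this function also runs for client endpoints (not visible here; the body of ssl_pm_reload_crt continues outside the hunk), the branch should choose by endpoint, e.g. `mode = is_client ? MBEDTLS_SSL_VERIFY_REQUIRED : MBEDTLS_SSL_VERIFY_OPTIONAL;`, where `is_client` is a placeholder for however this port tells client from server. A short comment above the chain stating the intended OpenSSL-to-mbedTLS mapping would also help, since the SSL_VERIFY_CLIENT_ONCE branch is reachable only when SSL_VERIFY_PEER is not set.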