- DEBUG(D_tls) debug_printf("TLS: server certificate verification not required\n");
- state->verify_requirement = VERIFY_NONE;
- /* we still ask for it, to log it, etc */
+ DEBUG(D_tls) debug_printf("TLS: server certificate verification required.\n");
+ state->verify_requirement = VERIFY_REQUIRED;
+ gnutls_certificate_server_set_request(state->session, GNUTLS_CERT_REQUIRE);
+ }
+else if (verify_check_host(&try_verify_hosts) == OK)
+ {
+ DEBUG(D_tls) debug_printf("TLS: server certificate verification optional.\n");
+ state->verify_requirement = VERIFY_OPTIONAL;