diff --git a/adapters/httpapi_compact.c b/adapters/httpapi_compact.c index 23c0ce74f..ab7a9525a 100644 --- a/adapters/httpapi_compact.c +++ b/adapters/httpapi_compact.c @@ -57,6 +57,7 @@ typedef struct HTTP_HANDLE_DATA_TAG unsigned int is_connected : 1; unsigned int send_completed : 1; bool tls_renegotiation; + bool tls_verification; } HTTP_HANDLE_DATA; /*the following function does the same as sscanf(pos2, "%d", &sec)*/ @@ -1446,6 +1447,12 @@ HTTPAPI_RESULT HTTPAPI_SetOption(HTTP_HANDLE handle, const char* optionName, con http_instance->tls_renegotiation = tls_renegotiation; result = HTTPAPI_OK; } + else if (strcmp(OPTION_DISABLE_TLS_VERIFICATION, optionName) == 0) + { + bool tls_verification = *(bool*)value; + http_instance->tls_verification = tls_verification; + result = HTTPAPI_OK; + } else { /*Codes_SRS_HTTPAPI_COMPACT_21_063: [ If the HTTP do not support the optionName, the HTTPAPI_SetOption shall return HTTPAPI_INVALID_ARG. ]*/ diff --git a/adapters/tlsio_mbedtls.c b/adapters/tlsio_mbedtls.c index 0b4aa3e85..e8f33cb8e 100644 --- a/adapters/tlsio_mbedtls.c +++ b/adapters/tlsio_mbedtls.c @@ -1028,6 +1028,20 @@ int tlsio_mbedtls_setoption(CONCRETE_IO_HANDLE tls_io, const char *optionName, c mbedtls_ssl_conf_renegotiation(&tls_io_instance->config, set_renegotiation ? 1 : 0); result = 0; } + } + else if (strcmp(optionName, OPTION_DISABLE_TLS_VERIFICATION) == 0) + { + if (value == NULL) + { + LogError("Invalid value set for tls verification"); + result = MU_FAILURE; + } + else + { + bool set_verification = *((bool*)(value)); + mbedtls_ssl_conf_authmode(&tls_io_instance->config, set_verification ? MBEDTLS_SSL_VERIFY_NONE: MBEDTLS_SSL_VERIFY_REQUIRED); + result = 0 ; + } } else {