ssl_pm_reload_crt() - Fix verify_mode checking to match openssl docum…

…entation https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_verify.html

Merges espressif#2162

components/openssl/platform/ssl_pm.c

@@ -220,11 +220,11 @@ static int ssl_pm_reload_crt(SSL *ssl)
     struct pkey_pm *pkey_pm = (struct pkey_pm *)ssl->cert->pkey->pkey_pm;
     struct x509_pm *crt_pm = (struct x509_pm *)ssl->cert->x509->x509_pm;
 
-    if (ssl->verify_mode == SSL_VERIFY_PEER)
+    if (ssl->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
         mode = MBEDTLS_SSL_VERIFY_REQUIRED;
-    else if (ssl->verify_mode == SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
+    else if (ssl->verify_mode & SSL_VERIFY_PEER)
         mode = MBEDTLS_SSL_VERIFY_OPTIONAL;
-    else if (ssl->verify_mode == SSL_VERIFY_CLIENT_ONCE)
+    else if (ssl->verify_mode & SSL_VERIFY_CLIENT_ONCE)
         mode = MBEDTLS_SSL_VERIFY_UNSET;
     else
         mode = MBEDTLS_SSL_VERIFY_NONE;