From 5e630c8b99499bad6d64cf373aeb0891979888a9 Mon Sep 17 00:00:00 2001
From: stephb9959
Date: Wed, 13 Sep 2023 13:15:04 -0700
Subject: [PATCH] https://telecominfraproject.atlassian.net/browse/WIFI-7831

Signed-off-by: stephb9959
---
 build | 2 +-
 src/framework/SubSystemServer.cpp | 6 ++++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/build b/build
index d8263ee..e440e5c 100644
--- a/build
+++ b/build
@@ -1 +1 @@
-2
\ No newline at end of file
+3
\ No newline at end of file
diff --git a/src/framework/SubSystemServer.cpp b/src/framework/SubSystemServer.cpp
index db4dc14..9dda8a3 100644
--- a/src/framework/SubSystemServer.cpp
+++ b/src/framework/SubSystemServer.cpp
@@ -37,6 +37,7 @@ namespace OpenWifi {
 P.cipherList = "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH";
 P.dhUse2048Bits = true;
 P.caLocation = cas_;
+ // P.securityLevel =
 auto Context = Poco::AutoPtr(
 new Poco::Net::Context(Poco::Net::Context::TLS_SERVER_USE, P));
@@ -75,11 +76,12 @@ namespace OpenWifi {
 L.fatal(fmt::format("Wrong Certificate({}) for Key({})", cert_file_, key_file_));
 }
- SSL_CTX_set_verify(SSLCtx, SSL_VERIFY_PEER, nullptr);
+ SSL_CTX_set_verify(SSLCtx, level_==Poco::Net::Context::VERIFY_NONE ? SSL_VERIFY_NONE : SSL_VERIFY_PEER, nullptr);
+
 if (level_ == Poco::Net::Context::VERIFY_STRICT) {
 SSL_CTX_set_client_CA_list(SSLCtx, SSL_load_client_CA_file(client_cas_.c_str()));
+ SSL_CTX_enable_ct(SSLCtx, SSL_CT_VALIDATION_STRICT);
 }
- SSL_CTX_enable_ct(SSLCtx, SSL_CT_VALIDATION_STRICT);
 SSL_CTX_dane_enable(SSLCtx);
 Context->enableSessionCache();
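Review bot: The added line `// P.securityLevel =` in the first SubSystemServer.cpp hunk (@@ -37,6 +37,7) is an unfinished assignment left as a comment, so it documents nothing and changes nothing. Either complete the assignment or say what is pending, e.g. `// TODO(WIFI-7831): set P.securityLevel once the minimum TLS security level is decided`. The context line just above keeps `P.cipherList` at the broad `ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH`, so any floor on algorithms and key sizes would presumably have to come from that setting. The enclosing function starts and ends outside the hunk.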
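Review bot: In the second SubSystemServer.cpp hunk (@@ -75,11 +76,12) the new `SSL_CTX_set_verify` call passes plain `SSL_VERIFY_PEER` for every level other than VERIFY_NONE, and on a server OpenSSL then only requests a client certificate, so a client that sends none still completes the handshake. If VERIFY_STRICT is meant to require one, add `SSL_CTX_set_verify(SSLCtx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);` inside the `level_ == Poco::Net::Context::VERIFY_STRICT` block. The VERIFY_NONE branch now switches peer verification off without leaving any trace, so a log line such as `L.warning("Client certificate verification is disabled");` would make a misconfigured `level_` visible. In the same block the results of `SSL_load_client_CA_file` (NULL on failure) and of the moved `SSL_CTX_enable_ct` are not checked. The enclosing function starts and ends outside the hunk.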