From 5266293a0fdee57fe6bb8a408a2e2ff0c66f0259 Mon Sep 17 00:00:00 2001
From: Yossi Gottlieb <yossigo@users.noreply.github.com>
Date: Fri, 10 Jul 2020 10:32:21 +0300
Subject: [PATCH] TLS: Ignore client cert when tls-auth-clients off. (#7457)

---
 src/tls.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/tls.c b/src/tls.c
index a62f2284e..4b9948195 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -337,9 +337,7 @@ connection *connCreateAcceptedTLS(int fd, int require_auth) {
     conn->c.state = CONN_STATE_ACCEPTING;
 
     if (!require_auth) {
-        /* We still verify certificates if provided, but don't require them.
-         */
-        SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, NULL);
+        SSL_set_verify(conn->ssl, SSL_VERIFY_NONE, NULL);
     }
 
     SSL_set_fd(conn->ssl, conn->c.fd);