return DISCONNECTED;
}
+#ifdef SSL_SUPPORT
+ /*
+ * This check is only done if RequireClientCert is disabled, and this Servers [SERVER] section has
+ * "SSLVerify" enabled.
+ * (if RequireClientCert is set, certificate validation is done during SSL/TLS handshake)
+ */
+ CONN_ID con = Client_Conn (Client);
+ if (Conf_Server[i].SSLVerify && !(Conn_Options(con) & CONN_SSL_PEERCERT_OK)) {
+ Log(LOG_ERR, "Connection %d: SSLVerify is set, and server \"%s\" did not present a valid certificate",
+ Client_Conn(Client), Req->argv[0]);
+ Conn_Close(Client_Conn(Client), NULL, "No valid SSL certificate", true);
+ return DISCONNECTED;
+ }
+#endif
+
/* Is there a registered server with this ID? */
if (!Client_CheckID(Client, Req->argv[0]))
return DISCONNECTED;