From: Arran Cudbard-Bell <a.cudbardb@freeradius.org>
Date: Fri, 8 Oct 2021 21:40:14 +0000 (-0500)
Subject: We really only want to verify the client by default
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fba766ea4fb234c7212f095325062971b6a34d3d;p=thirdparty%2Ffreeradius-server.git

We really only want to verify the client by default
---

diff --git a/src/lib/tls/conf.c b/src/lib/tls/conf.c
index 651afab9da9..0fae16940ee 100644
--- a/src/lib/tls/conf.c
+++ b/src/lib/tls/conf.c
@@ -143,7 +143,7 @@ static CONF_PARSER tls_verify_config[] = {
 			 	.table = verify_mode_table,
 			 	.len = &verify_mode_table_len
 			 },
-			 .dflt = "client-and-issuer" },
+			 .dflt = "client" }, /* Don't change this */
 	{ FR_CONF_OFFSET("check_crl", FR_TYPE_BOOL, fr_tls_verify_conf_t, check_crl), .dflt = "no" },
 	{ FR_CONF_OFFSET("allow_expired_crl", FR_TYPE_BOOL, fr_tls_verify_conf_t, allow_expired_crl) },
 	CONF_PARSER_TERMINATOR