From d8a3ab7d56df99fdac3ebd44d4aab67b95c9cad3 Mon Sep 17 00:00:00 2001
From: "Roger A. Light" <roger@atchoo.org>
Date: Sat, 2 Aug 2014 21:40:54 +0100
Subject: [PATCH] Don't ask client for certificate when require_certificate is
 false.

Thanks to Jan-Piet Mens.
---
 ChangeLog.txt | 7 +++++++
 src/net.c     | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/ChangeLog.txt b/ChangeLog.txt
index c797a3e3..73fbaa98 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,3 +1,10 @@
+1.3.4 - 20140802
+================
+
+Broker:
+- Don't ask client for certificate when require_certificate is false.
+
+
 1.3.3 - 20140801
 ================
 
diff --git a/src/net.c b/src/net.c
index e2858149..1d7e45dc 100644
--- a/src/net.c
+++ b/src/net.c
@@ -441,7 +441,7 @@ int mqtt3_socket_listen(struct _mqtt3_listener *listener)
 			if(listener->require_certificate){
 				SSL_CTX_set_verify(listener->ssl_ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, client_certificate_verify);
 			}else{
-				SSL_CTX_set_verify(listener->ssl_ctx, SSL_VERIFY_PEER, client_certificate_verify);
+				SSL_CTX_set_verify(listener->ssl_ctx, SSL_VERIFY_NONE, client_certificate_verify);
 			}
 			rc = SSL_CTX_use_certificate_chain_file(listener->ssl_ctx, listener->certfile);
 			if(rc != 1){