Fix CERT_REQUIRED verify mode not setting SSL_VERIFY_FAIL_IF_NO_PEER_CERT and therefore failing to verify the client cert.

kareem-wolfssl · kareem-wolfssl · commit b4517dece79f · 2025-12-15T11:58:26.000-07:00
Thanks to Matan Radomski for the report.
diff --git a/tests/test_context.py b/tests/test_context.py
@@ -39,6 +39,9 @@ def test_verify_mode(ssl_provider, ssl_context):
 
     assert ssl_context.verify_mode == ssl_provider.CERT_NONE
 
+    ssl_context.verify_mode = ssl_provider.CERT_OPTIONAL
+    assert ssl_context.verify_mode == ssl_provider.CERT_OPTIONAL
+
     ssl_context.verify_mode = ssl_provider.CERT_REQUIRED
     assert ssl_context.verify_mode == ssl_provider.CERT_REQUIRED
 
diff --git a/wolfssl/__init__.py b/wolfssl/__init__.py
@@ -55,10 +55,15 @@
     PROTOCOL_DTLSv1_3, WolfSSLMethod as _WolfSSLMethod
 )
 
-CERT_NONE = 0
-CERT_REQUIRED = 1
+_SSL_VERIFY_NONE = 0
+_SSL_VERIFY_PEER = 1
+_SSL_VERIFY_FAIL_IF_NO_PEER_CERT = 2
 
-_VERIFY_MODE_LIST = [CERT_NONE, CERT_REQUIRED]
+CERT_NONE = _SSL_VERIFY_NONE
+CERT_OPTIONAL = _SSL_VERIFY_PEER
+CERT_REQUIRED = (_SSL_VERIFY_PEER | _SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
+
+_VERIFY_MODE_LIST = [CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED]
 
 _SSL_SUCCESS = 1
 _SSL_FILETYPE_PEM = 1
