I see from the code that it is passing SSL_VERIFY_NONE to
SSL_CTX_set_verify()
From the man page:
SSL_VERIFY_NONE
Server mode: the server will not send a client
certificate request to the client, so the client will
not send a certificate.
Client mode: if not using an anonymous cipher (by
default disabled), the server will send a certificate
which will be checked. The result of the certificate
verification process can be checked after the TLS/SSL
handshake using the SSL_get_verify_result(3) function.
The handshake will be continued regardless of the
verification result.
This is the answer for the case. Personally I'm not happy with this
however it is what gkrellm does and it answers my question. I would
like the project team to file a bug upstream (if there isn't one
already) to provide functionality to actually verify the server's
SSL/TLS certificate.
--
Darren J Moffat
