From 6808a0b500b1a5ca2c5572ab18483b60f20f851f Mon Sep 17 00:00:00 2001
From: Benjamin Sergeant
Date: Wed, 20 Nov 2019 13:58:08 -0800
Subject: [PATCH] On Darwin SSL, add ability to skip peer verification.
---
 DOCKER_VERSION | 2 +-
 docs/CHANGELOG.md | 4 ++++
 ixwebsocket/IXSocketAppleSSL.cpp | 28 +++++++++++++++++++++++++---
 ixwebsocket/IXWebSocketVersion.h | 2 +-
 4 files changed, 31 insertions(+), 5 deletions(-)
diff --git a/DOCKER_VERSION b/DOCKER_VERSION
index c968a576..d9edd15e 100644
--- a/DOCKER_VERSION
+++ b/DOCKER_VERSION
@@ -1 +1 @@
-7.3.4
+7.3.5
diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
index b1d11a6a..db732569 100644
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
@@ -1,6 +1,10 @@
 # Changelog
 All notable changes to this project will be documented in this file.
+## [7.3.5] - 2019-11-20
+
+- On Darwin SSL, add ability to skip peer verification.
+
 ## [7.3.4] - 2019-11-20
 - 32-bits compile fix, courtesy of @fcojavmc
diff --git a/ixwebsocket/IXSocketAppleSSL.cpp b/ixwebsocket/IXSocketAppleSSL.cpp
index 479125b0..5102bfeb 100644
--- a/ixwebsocket/IXSocketAppleSSL.cpp
+++ b/ixwebsocket/IXSocketAppleSSL.cpp
@@ -168,10 +168,32 @@ namespace ix
 SSLSetProtocolVersionMin(_sslContext, kTLSProtocol12);
 SSLSetPeerDomainName(_sslContext, host.c_str(), host.size());
- do
+ if (_tlsOptions.isPeerVerifyDisabled())
 {
- status = SSLHandshake(_sslContext);
- } while (errSSLWouldBlock == status || errSSLServerAuthCompleted == status);
+ Boolean option(1);
+ SSLSetSessionOption(_sslContext, kSSLSessionOptionBreakOnServerAuth, option);
+
+ do
+ {
+ status = SSLHandshake(_sslContext);
+ } while (errSSLWouldBlock == status || errSSLServerAuthCompleted == status);
+
+ if (status == errSSLServerAuthCompleted)
+ {
+ // proceed with the handshake
+ do
+ {
+ status = SSLHandshake(_sslContext);
+ } while (errSSLWouldBlock == status || errSSLServerAuthCompleted == status);
+ }
+ }
+ else
+ {
+ do
+ {
+ status = SSLHandshake(_sslContext);
+ } while (errSSLWouldBlock == status || errSSLServerAuthCompleted == status);
+ }
 }
 if (noErr != status)
diff --git a/ixwebsocket/IXWebSocketVersion.h b/ixwebsocket/IXWebSocketVersion.h
index efcf8b05..ba91a595 100644
--- a/ixwebsocket/IXWebSocketVersion.h
+++ b/ixwebsocket/IXWebSocketVersion.h
@@ -6,4 +6,4 @@
 #pragma once
-#define IX_WEBSOCKET_VERSION "7.3.4"
+#define IX_WEBSOCKET_VERSION "7.3.5"
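Review bot: The `if (status == errSSLServerAuthCompleted)` block in the IXSocketAppleSSL.cpp hunk is unreachable: the loop directly above it keeps calling SSLHandshake while status equals errSSLServerAuthCompleted, so it can only exit with a different value. Since all three handshake loops are identical, the change reduces to `if (_tlsOptions.isPeerVerifyDisabled()) SSLSetSessionOption(_sslContext, kSSLSessionOptionBreakOnServerAuth, true);` placed before the original single loop. No trust evaluation happens at the break, so with the option set the handshake appears to accept any server certificate, including one issued for another host; a comment such as `// peer verification disabled: traffic is encrypted but the server is not authenticated` would make that explicit, and a log line when the option is active would help operators spot it. The OSStatus returned by SSLSetSessionOption is also dropped; a failure there leaves verification on, which fails safe, but the caller then gets a handshake error with no hint of the cause. The enclosing function begins and ends outside the hunk.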