From 493897d67c1300393415ddb824601a387572930a Mon Sep 17 00:00:00 2001
From: William Pitcock
Date: Fri, 4 Dec 2015 22:42:10 -0600
Subject: [PATCH] mbedtls: use server certificate for client mode too

---
 libratbox/src/mbedtls.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/libratbox/src/mbedtls.c b/libratbox/src/mbedtls.c
index b7f6630e..d7e5658b 100644
--- a/libratbox/src/mbedtls.c
+++ b/libratbox/src/mbedtls.c
@@ -357,7 +357,10 @@ rb_setup_ssl_server(const char *cert, const char *keyfile, const char *dhfile)
  }
 
  if (x509.next)
+ {
  mbedtls_ssl_conf_ca_chain(&serv_config, x509.next, NULL);
+ mbedtls_ssl_conf_ca_chain(&client_config, x509.next, NULL);
+ }
 
  if ((ret = mbedtls_ssl_conf_own_cert(&serv_config, &x509, &serv_pk)) != 0)
  {
@@ -365,6 +368,12 @@ rb_setup_ssl_server(const char *cert, const char *keyfile, const char *dhfile)
  return 0;
  }
 
+ if ((ret = mbedtls_ssl_conf_own_cert(&client_config, &x509, &serv_pk)) != 0)
+ {
+ rb_lib_log("rb_setup_ssl_server: failed to set up own certificate: -0x%x", -ret);
+ return 0;
+ }
+
  return 1;
  }
 
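Review bot: The added `mbedtls_ssl_conf_ca_chain(&client_config, x509.next, NULL);` in the first hunk installs the extra certificates from this host's own certificate file as the CA set that `client_config` verifies peers against, and passes NULL for the CRL. That set is whatever chain accompanies the local certificate, which is not necessarily what an operator means to trust on outgoing links, and when `x509.next` is NULL `client_config` gets no CA chain at all. How much this matters depends on the authmode configured for `client_config`, which is outside this hunk. I would add a comment at the call, e.g. `/* x509.next doubles as the peer-verification CA set for outgoing connections; no CRL is configured */`. The body of rb_setup_ssl_server starts before the hunk.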
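Review bot: The `rb_lib_log` message in the added `client_config` branch of the second hunk does not say which configuration rejected the certificate, so a failure here cannot be told apart in the log from one on the server side; `rb_lib_log("rb_setup_ssl_server: failed to set up own certificate for client mode: -0x%x", -ret);` would do. Both configurations are also handed the same `&x509` and `&serv_pk`, so those objects have to stay valid for as long as either configuration is in use; a short comment saying so above the call would help whoever later changes how they are freed or reloaded. The function begins outside the hunk, so how `x509` and `serv_pk` are released on reload is not visible here.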