From 4470cf7b49ccff7d122abccf88a0739f40d0b8ff Mon Sep 17 00:00:00 2001
From: Michael Stoll
Date: Mon, 3 Mar 2025 18:10:54 +0100
Subject: [PATCH] fix: Force validate when using the default crt bundle
---
 .../wpa_supplicant/esp_supplicant/src/crypto/tls_mbedtls.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/components/wpa_supplicant/esp_supplicant/src/crypto/tls_mbedtls.c b/components/wpa_supplicant/esp_supplicant/src/crypto/tls_mbedtls.c
index 4464dd9d46..cc3910dcde 100644
--- a/components/wpa_supplicant/esp_supplicant/src/crypto/tls_mbedtls.c
+++ b/components/wpa_supplicant/esp_supplicant/src/crypto/tls_mbedtls.c
@@ -537,6 +537,7 @@ static int set_client_config(const struct tls_connection_params *cfg, tls_contex
 #ifdef CONFIG_MBEDTLS_CERTIFICATE_BUNDLE
 if (cfg->flags & TLS_CONN_USE_DEFAULT_CERT_BUNDLE) {
 wpa_printf(MSG_INFO, "Using default cert bundle");
+ mbedtls_ssl_conf_authmode(&tls->conf, MBEDTLS_SSL_VERIFY_REQUIRED);
 if (esp_crt_bundle_attach_fn) {
 ret = (*esp_crt_bundle_attach_fn)(&tls->conf);
 }
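Review bot: When `esp_crt_bundle_attach_fn` is NULL, the added `mbedtls_ssl_conf_authmode(&tls->conf, MBEDTLS_SSL_VERIFY_REQUIRED)` still takes effect but nothing is attached, so the problem only surfaces later as a handshake verification failure rather than as a configuration error at this point. That fails closed, which is the right direction, but an explicit `else { wpa_printf(MSG_ERROR, "Cert bundle requested but no attach function registered"); return -1; }` after the `if (esp_crt_bundle_attach_fn)` block would make the cause visible. The `-1` is a guess, because the rest of set_client_config and its error convention lie outside the hunk, as does any later check of `ret`. A one-line comment above the new call, e.g. `/* Bundle is the only trust anchor here: peer cert must verify, overriding any earlier authmode */`, would also record why the mode is forced, assuming an earlier branch can leave it weaker.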