>From 39d6ba95c1c1cf2b33d916c15c40f8d6f223e60b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?= <flecai...@haproxy.com> Date: Mon, 13 Mar 2017 13:41:16 +0100 Subject: [PATCH 14/31] MINOR: server: Make 'default-server' support 'verify' keyword. X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
This patch makes 'default-server' directive support 'verify' keyword. --- src/server.c | 4 ++++ src/ssl_sock.c | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/src/server.c b/src/server.c index ddb2842..b69d1d1 100644 --- a/src/server.c +++ b/src/server.c @@ -1295,6 +1295,10 @@ int parse_server(const char *file, int linenum, char **args, struct proxy *curpr newsrv->dns_opts.pref_net_nb = curproxy->defsrv.dns_opts.pref_net_nb; newsrv->init_addr_methods = curproxy->defsrv.init_addr_methods; newsrv->init_addr = curproxy->defsrv.init_addr; +#if defined(USE_OPENSSL) + /* SSL config. */ + newsrv->ssl_ctx.verify = curproxy->defsrv.ssl_ctx.verify; +#endif cur_arg = 3; } else { diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 802f0a0..5285e24 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -7517,7 +7517,7 @@ static struct srv_kw_list srv_kws = { "SSL", { }, { { "tlsv11", srv_parse_tlsv11, 0, 1 }, /* enable TLSv11 */ { "tlsv12", srv_parse_tlsv12, 0, 1 }, /* enable TLSv12 */ { "tls-tickets", srv_parse_tls_tickets, 0, 1 }, /* enable session resumption tickets */ - { "verify", srv_parse_verify, 1, 0 }, /* set SSL verify method */ + { "verify", srv_parse_verify, 1, 1 }, /* set SSL verify method */ { "verifyhost", srv_parse_verifyhost, 1, 0 }, /* require that SSL cert verifies for hostname */ { NULL, NULL, 0, 0 }, }}; -- 2.1.4