>From 39d6ba95c1c1cf2b33d916c15c40f8d6f223e60b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?= <flecai...@haproxy.com>
Date: Mon, 13 Mar 2017 13:41:16 +0100
Subject: [PATCH 14/31] MINOR: server: Make 'default-server' support 'verify'
keyword.
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
This patch makes 'default-server' directive support 'verify' keyword.
---
src/server.c | 4 ++++
src/ssl_sock.c | 2 +-
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/server.c b/src/server.c
index ddb2842..b69d1d1 100644
--- a/src/server.c
+++ b/src/server.c
@@ -1295,6 +1295,10 @@ int parse_server(const char *file, int linenum, char **args, struct proxy *curpr
newsrv->dns_opts.pref_net_nb = curproxy->defsrv.dns_opts.pref_net_nb;
newsrv->init_addr_methods = curproxy->defsrv.init_addr_methods;
newsrv->init_addr = curproxy->defsrv.init_addr;
+#if defined(USE_OPENSSL)
+ /* SSL config. */
+ newsrv->ssl_ctx.verify = curproxy->defsrv.ssl_ctx.verify;
+#endif
cur_arg = 3;
} else {
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 802f0a0..5285e24 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -7517,7 +7517,7 @@ static struct srv_kw_list srv_kws = { "SSL", { }, {
{ "tlsv11", srv_parse_tlsv11, 0, 1 }, /* enable TLSv11 */
{ "tlsv12", srv_parse_tlsv12, 0, 1 }, /* enable TLSv12 */
{ "tls-tickets", srv_parse_tls_tickets, 0, 1 }, /* enable session resumption tickets */
- { "verify", srv_parse_verify, 1, 0 }, /* set SSL verify method */
+ { "verify", srv_parse_verify, 1, 1 }, /* set SSL verify method */
{ "verifyhost", srv_parse_verifyhost, 1, 0 }, /* require that SSL cert verifies for hostname */
{ NULL, NULL, 0, 0 },
}};
--
2.1.4
