MINOR: server: Make 'default-server' support 'verify' keyword.

This patch makes 'default-server' directive support 'verify' keyword.

diff --git a/src/server.c b/src/server.c
index ddb2842ee774c60bdf5c4bf8d2cc7f4e226bbfee..b69d1d1d025ba21772caebb78997f3a819269831 100644 (file)
--- a/src/server.c
+++ b/src/server.c
@@ -1295,6 +1295,10 @@ int parse_server(const char *file, int linenum, char **args, struct proxy *curpr
                        newsrv->dns_opts.pref_net_nb = curproxy->defsrv.dns_opts.pref_net_nb;
                        newsrv->init_addr_methods = curproxy->defsrv.init_addr_methods;
                        newsrv->init_addr         = curproxy->defsrv.init_addr;
+#if defined(USE_OPENSSL)
+                       /* SSL config. */
+                       newsrv->ssl_ctx.verify = curproxy->defsrv.ssl_ctx.verify;
+#endif
 
                        cur_arg = 3;
                } else {

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 802f0a05d9cc44fa00bbb05aeeec13de80df1b44..5285e244cf2306ea742bb75fe639b115dc809324 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -7517,7 +7517,7 @@ static struct srv_kw_list srv_kws = { "SSL", { }, {
        { "tlsv11",                  srv_parse_tlsv11,            0, 1 }, /* enable TLSv11 */
        { "tlsv12",                  srv_parse_tlsv12,            0, 1 }, /* enable TLSv12 */
        { "tls-tickets",             srv_parse_tls_tickets,       0, 1 }, /* enable session resumption tickets */
-       { "verify",                  srv_parse_verify,            1, 0 }, /* set SSL verify method */
+       { "verify",                  srv_parse_verify,            1, 1 }, /* set SSL verify method */
        { "verifyhost",              srv_parse_verifyhost,        1, 0 }, /* require that SSL cert verifies for hostname */
        { NULL, NULL, 0, 0 },
 }};