From: William Lallemand <wlallemand@haproxy.org>
Date: Tue, 26 Apr 2022 10:00:06 +0000 (+0200)
Subject: MEDIUM: httpclient: re-enable the verify by default
X-Git-Tag: v2.6-dev8~65
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f1344b3cee9c190f0cf4081b72e0544c47f3eb11;p=thirdparty%2Fhaproxy.git

MEDIUM: httpclient: re-enable the verify by default

Since the httpclient verify now has a fallback which disable the SSL in
the httpclient without exiting haproxy at startup, we can safely
re-enable it by default.

It could still be disabled with "httpclient-ssl-verify none".
---

diff --git a/src/http_client.c b/src/http_client.c
index 52255becae..69add1a6e9 100644
--- a/src/http_client.c
+++ b/src/http_client.c
@@ -41,7 +41,7 @@ static struct proxy *httpclient_proxy;
 static struct server *httpclient_srv_raw;
 #ifdef USE_OPENSSL
 static struct server *httpclient_srv_ssl;
-static int httpclient_ssl_verify = SSL_SOCK_VERIFY_NONE;
+static int httpclient_ssl_verify = SSL_SOCK_VERIFY_REQUIRED;
 #endif
 static struct applet httpclient_applet;