]> git.ipfire.org Git - thirdparty/haproxy.git/commit
projects / thirdparty / haproxy.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 59ad1a2) | patch
MEDIUM: ssl: Set verify 'required' as global default for servers side.
authorEmeric Brun <ebrun@exceliance.fr>
Wed, 29 Jan 2014 11:24:34 +0000 (12:24 +0100)
committerWilly Tarreau <w@1wt.eu>
Wed, 29 Jan 2014 16:08:15 +0000 (17:08 +0100)
commit850efd5149c06087b76c52311fb5ee0794413f50
tree70f74fc48b64c3494504d9384ed455b9118cd392tree | snapshot
parent59ad1a2e7584669d591ccd290fd027e8c190ebe4commit | diff
MEDIUM: ssl: Set verify 'required' as global default for servers side.

If no CA file specified on a server line, the config parser will show an error.

Adds an cmdline option '-dV' to re-set verify 'none' as global default on
servers side (previous behavior).

Also adds 'ssl-server-verify' global statement to set global default to
'none' or 'required'.

WARNING: this changes the default verify mode from "none" to "required" on
the server side, and it *will* break insecure setups.
doc/configuration.txt diff | blob | blame | history
include/types/global.h diff | blob | blame | history
src/cfgparse.c diff | blob | blame | history
src/haproxy.c diff | blob | blame | history
src/ssl_sock.c diff | blob | blame | history
Mirror of https://github.com/haproxy/haproxy.git