From: William Lallemand <wlallemand@haproxy.org>
Date: Thu, 28 Apr 2022 17:35:21 +0000 (+0200)
Subject: BUG/MINOR: httpclient/ssl: use the correct verify constant
X-Git-Tag: v2.6-dev8~14
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=04994de6422efa2cb79fbbe3a4b91945bf54bdc8;p=thirdparty%2Fhaproxy.git

BUG/MINOR: httpclient/ssl: use the correct verify constant

The SSL_SERVER_VERIFY_* constants were incorrectly set on the httpclient
server verify. The right constants are SSL_SOCK_VERIFY_* .

This could cause issues when using "httpclient-ssl-verify" or when the
SSL certificates can't be loaded.

No backport needed
---

diff --git a/src/http_client.c b/src/http_client.c
index 69add1a6e9..2b61cf9f74 100644
--- a/src/http_client.c
+++ b/src/http_client.c
@@ -1164,9 +1164,9 @@ static int httpclient_parse_global_verify(char **args, int section_type, struct
 		return -1;
 
 	if (strcmp(args[1],"none") == 0)
-		httpclient_ssl_verify = SSL_SERVER_VERIFY_NONE;
+		httpclient_ssl_verify = SSL_SOCK_VERIFY_NONE;
 	else if (strcmp(args[1],"required") == 0)
-		httpclient_ssl_verify = SSL_SERVER_VERIFY_REQUIRED;
+		httpclient_ssl_verify = SSL_SOCK_VERIFY_REQUIRED;
 	else {
 		ha_alert("parsing [%s:%d] : '%s' expects 'none' or 'required' as argument.\n", file, line, args[0]);
 		return -1;