<description>Whether to check if remote server certificate is expired
</description>
<syntax>SSLProxyCheckPeerExpire on|off</syntax>
-<default>SSLProxyCheckPeerExpire off</default>
+<default>SSLProxyCheckPeerExpire on</default>
<contextlist><context>server config</context>
<context>virtual host</context></contextlist>
<description>Whether to check the remote server certificates CN field
</description>
<syntax>SSLProxyCheckPeerCN on|off</syntax>
-<default>SSLProxyCheckPeerCN off</default>
+<default>SSLProxyCheckPeerCN on</default>
<contextlist><context>server config</context>
<context>virtual host</context></contextlist>
return MODSSL_ERROR_BAD_GATEWAY;
}
- if (sc->proxy_ssl_check_peer_expire == SSL_ENABLED_TRUE) {
+ if (sc->proxy_ssl_check_peer_expire != SSL_ENABLED_FALSE) {
cert = SSL_get_peer_certificate(filter_ctx->pssl);
if (!cert
|| (X509_cmp_current_time(
}
X509_free(cert);
}
- if ((sc->proxy_ssl_check_peer_cn == SSL_ENABLED_TRUE)
+ if ((sc->proxy_ssl_check_peer_cn != SSL_ENABLED_FALSE)
&& ((hostname_note =
apr_table_get(c->notes, "proxy-request-hostname")) != NULL)) {
const char *hostname;