fix SSL verify callback for certificate chains

ignoring parts of the chain means saying they are verified, because the verify callback results are chained together starting with the highest depth.
2016-11-22 14:26:55 +01:00 · 2016-11-22 14:26:55 +01:00 · d23ff9baf8
commit d23ff9baf8
parent d14036e5e3
1 changed files with 1 additions and 1 deletions
--- a/PVE/HTTPServer.pm
+++ b/PVE/HTTPServer.pm
@ -700,7 +700,7 @@ sub proxy_request {
 	    verify_cb => sub {
 		my (undef, undef, undef, $depth, undef, undef, $cert) = @_;
 		# we don't care about intermediate or root certificates
-		return 0 if $depth != 0;
+		return 1 if $depth != 0;
 		# check server certificate against cache of pinned FPs
 		return check_cert_fingerprint($cert);
 	    },