gamzinav/haproxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

MINOR: server: Make 'default-server' support 'verifyhost' setting.

Browse Source 
This patch makes 'default-server' directive support 'verifyhost' setting.
Note: there was a little memory leak when several 'verifyhost' arguments were
supplied on the same 'server' line.
This commit is contained in:
Frdric Lcaille 2017-03-13 15:52:01 +01:00 committed by Willy Tarreau
parent 7c8cd587c2
commit 273f321404
2 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/server.c
View File

@ -1298,6 +1298,8 @@ int parse_server(const char *file, int linenum, char **args, struct proxy *curpr
#if defined(USE_OPENSSL)
/* SSL config. */
newsrv->ssl_ctx.verify = curproxy->defsrv.ssl_ctx.verify;
if (curproxy->defsrv.ssl_ctx.verify_host != NULL)
newsrv->ssl_ctx.verify_host = strdup(curproxy->defsrv.ssl_ctx.verify_host);
#endif
cur_arg = 3;

3
src/ssl_sock.c
View File

@ -6792,6 +6792,7 @@ static int srv_parse_verifyhost(char **args, int *cur_arg, struct proxy *px, str
return ERR_ALERT | ERR_FATAL;
}
free(newsrv->ssl_ctx.verify_host);
newsrv->ssl_ctx.verify_host = strdup(args[*cur_arg + 1]);
return 0;
@ -7518,7 +7519,7 @@ static struct srv_kw_list srv_kws = { "SSL", { }, {
{ "tlsv12", srv_parse_tlsv12, 0, 1 }, /* enable TLSv12 */
{ "tls-tickets", srv_parse_tls_tickets, 0, 1 }, /* enable session resumption tickets */
{ "verify", srv_parse_verify, 1, 1 }, /* set SSL verify method */
{ "verifyhost", srv_parse_verifyhost, 1, 0 }, /* require that SSL cert verifies for hostname */
{ "verifyhost", srv_parse_verifyhost, 1, 1 }, /* require that SSL cert verifies for hostname */
{ NULL, NULL, 0, 0 },
}};