[ssl] support disabling ssl.verifyclient.activate in SNI callback (fixes #2531)

From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3107 152afb58-edef-0310-8abb-c4023f1b3aa9
2016-03-19 13:27:13 +00:00 · 2016-03-19 13:27:13 +00:00 · 00063098c1
parent 82ee3fb2f8
commit 00063098c1
2 changed files with 3 additions and 0 deletions
--- a/1
+++ b/1
@ -35,6 +35,7 @@ NEWS
  * [core] more careful parse of $SERVER["socket"] config str (prepare #2204)
  * [core] accept $SERVER["socket"] without port, use server.port as fallback (fixes #2204)
  * [mod_magnet] define lua_pushglobaltable (for lua5.1) and use it (fixes #2719)
+  * [ssl] support disabling ssl.verifyclient.activate in SNI callback (fixes #2531)

 - 1.4.39 - 2016-01-02
  * [core] fix memset_s call (fixes #2698)
--- a/src/network.c
+++ b/src/network.c
@ -151,6 +151,8 @@ static int network_ssl_servername_callback(SSL *ssl, int *al, server *srv) {
 			NULL
 		);
 		SSL_set_verify_depth(ssl, con->conf.ssl_verifyclient_depth);
+	} else {
+		SSL_set_verify(ssl, SSL_VERIFY_NONE, NULL);
 	}

 	return SSL_TLSEXT_ERR_OK;