[ssl] support disabling ssl.verifyclient.activate in SNI callback (fixes #2531)

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3107 152afb58-edef-0310-8abb-c4023f1b3aa9
svn/heads/lighttpd-1.4.x
Stefan Bühler 7 years ago
parent 82ee3fb2f8
commit 00063098c1
  1. 1
      NEWS
  2. 2
      src/network.c

@ -35,6 +35,7 @@ NEWS
* [core] more careful parse of $SERVER["socket"] config str (prepare #2204)
* [core] accept $SERVER["socket"] without port, use server.port as fallback (fixes #2204)
* [mod_magnet] define lua_pushglobaltable (for lua5.1) and use it (fixes #2719)
* [ssl] support disabling ssl.verifyclient.activate in SNI callback (fixes #2531)
- 1.4.39 - 2016-01-02
* [core] fix memset_s call (fixes #2698)

@ -151,6 +151,8 @@ static int network_ssl_servername_callback(SSL *ssl, int *al, server *srv) {
NULL
);
SSL_set_verify_depth(ssl, con->conf.ssl_verifyclient_depth);
} else {
SSL_set_verify(ssl, SSL_VERIFY_NONE, NULL);
}
return SSL_TLSEXT_ERR_OK;

Loading…
Cancel
Save