MINOR: server: Make 'default-server' support 'verifyhost' setting.
This patch makes 'default-server' directive support 'verifyhost' setting.
Note: there was a little memory leak when several 'verifyhost' arguments were
supplied on the same 'server' line.
diff --git a/src/server.c b/src/server.c
index b69d1d1..5819b75 100644
--- a/src/server.c
+++ b/src/server.c
@@ -1298,6 +1298,8 @@
#if defined(USE_OPENSSL)
/* SSL config. */
newsrv->ssl_ctx.verify = curproxy->defsrv.ssl_ctx.verify;
+ if (curproxy->defsrv.ssl_ctx.verify_host != NULL)
+ newsrv->ssl_ctx.verify_host = strdup(curproxy->defsrv.ssl_ctx.verify_host);
#endif
cur_arg = 3;
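Review bot: The `strdup()` result stored in `newsrv->ssl_ctx.verify_host` is never checked, so if the allocation fails the new server is left with a NULL `verify_host` even though `default-server` requested one. This field feeds certificate hostname verification, so config parsing should fail here rather than continue with the setting dropped. Something like `if (!newsrv->ssl_ctx.verify_host) { /* report out of memory and abort this line */ }` would do, using whatever error path the enclosing function already has; that function starts and ends outside the hunk, so the exact form is not visible. The `verifyhost` keyword parser hunk in src/ssl_sock.c has the same unchecked `strdup()` and returns 0 regardless.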
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 5285e24..34860fe 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -6792,6 +6792,7 @@
return ERR_ALERT | ERR_FATAL;
}
+ free(newsrv->ssl_ctx.verify_host);
newsrv->ssl_ctx.verify_host = strdup(args[*cur_arg + 1]);
return 0;
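Review bot: The added `free()` should carry a short comment stating the ownership rule it depends on. It is only safe if `verify_host` is either NULL or a heap string owned by this server, and that now relies on the src/server.c hunk copying the default-server value with `strdup()` instead of sharing the pointer. Suggested comment: `/* release a value inherited from default-server or set by an earlier 'verifyhost' on this line; always an owned strdup() copy or NULL */`. The parser function begins outside the hunk, so the initial state of the field on a fresh server is assumed to be NULL rather than confirmed here.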
@@ -7518,7 +7519,7 @@
{ "tlsv12", srv_parse_tlsv12, 0, 1 }, /* enable TLSv12 */
{ "tls-tickets", srv_parse_tls_tickets, 0, 1 }, /* enable session resumption tickets */
{ "verify", srv_parse_verify, 1, 1 }, /* set SSL verify method */
- { "verifyhost", srv_parse_verifyhost, 1, 0 }, /* require that SSL cert verifies for hostname */
+ { "verifyhost", srv_parse_verifyhost, 1, 1 }, /* require that SSL cert verifies for hostname */
{ NULL, NULL, 0, 0 },
}};