MINOR: server: Make 'default-server' support 'ca-file', 'crl-file' and 'crt' settings.
This patch makes 'default-server' directives support 'ca-file', 'crl-file' and
'crt' settings.
diff --git a/src/server.c b/src/server.c
index 78b1dc7..71abf36 100644
--- a/src/server.c
+++ b/src/server.c
@@ -1338,6 +1338,12 @@
newsrv->init_addr = curproxy->defsrv.init_addr;
#if defined(USE_OPENSSL)
/* SSL config. */
+ if (curproxy->defsrv.ssl_ctx.ca_file != NULL)
+ newsrv->ssl_ctx.ca_file = strdup(curproxy->defsrv.ssl_ctx.ca_file);
+ if (curproxy->defsrv.ssl_ctx.crl_file != NULL)
+ newsrv->ssl_ctx.crl_file = strdup(curproxy->defsrv.ssl_ctx.crl_file);
+ if (curproxy->defsrv.ssl_ctx.client_crt != NULL)
+ newsrv->ssl_ctx.client_crt = strdup(curproxy->defsrv.ssl_ctx.crl_file);
newsrv->ssl_ctx.verify = curproxy->defsrv.ssl_ctx.verify;
if (curproxy->defsrv.ssl_ctx.verify_host != NULL)
newsrv->ssl_ctx.verify_host = strdup(curproxy->defsrv.ssl_ctx.verify_host);
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 34860fe..72b3259 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -7485,11 +7485,11 @@
* not enabled.
*/
static struct srv_kw_list srv_kws = { "SSL", { }, {
- { "ca-file", srv_parse_ca_file, 1, 0 }, /* set CAfile to process verify server cert */
+ { "ca-file", srv_parse_ca_file, 1, 1 }, /* set CAfile to process verify server cert */
{ "check-ssl", srv_parse_check_ssl, 0, 1 }, /* enable SSL for health checks */
{ "ciphers", srv_parse_ciphers, 1, 0 }, /* select the cipher suite */
- { "crl-file", srv_parse_crl_file, 1, 0 }, /* set certificate revocation list file use on server cert verify */
- { "crt", srv_parse_crt, 1, 0 }, /* set client certificate */
+ { "crl-file", srv_parse_crl_file, 1, 1 }, /* set certificate revocation list file use on server cert verify */
+ { "crt", srv_parse_crt, 1, 1 }, /* set client certificate */
{ "force-sslv3", srv_parse_force_sslv3, 0, 1 }, /* force SSLv3 */
{ "force-tlsv10", srv_parse_force_tlsv10, 0, 1 }, /* force TLSv10 */
{ "force-tlsv11", srv_parse_force_tlsv11, 0, 1 }, /* force TLSv11 */