Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 81c00f0a7a148e2bdf6f7ffc2fda9c7cf8e233cc
commit81c00f0a7a148e2bdf6f7ffc2fda9c7cf8e233cc[log] [tgz]
authorEmeric Brun <ebrun@exceliance.fr>Fri Sep 21 14:31:21 2012 +0200
committerWilly Tarreau <w@1wt.eu>Tue Oct 02 08:32:50 2012 +0200
treee0975d9ad96e39ee0b7bcbc8dbee9ba15b4afacf
parentb4354087ee4865c8c19072fa82f26a2409d635cc [diff]
MINOR: ssl: add ignore verify errors options

Allow to ignore some verify errors and to let them pass the handshake.

Add option 'crt-ignore-err <list>'
Ignore verify errors at depth == 0 (client certificate)
<list> is string 'all' or a comma separated list of verify error IDs
(see http://www.openssl.org/docs/apps/verify.html)

Add option 'ca-ignore-err <list>'
Same as 'crt-ignore-err' for all depths > 0 (CA chain certs)

Ex ignore all errors on CA and expired or not-yet-valid errors
on client certificate:

bind 0.0.0.0:443 ssl crt crt.pem verify required
 cafile ca.pem ca-ignore-err all crt-ignore-err 10,9
2 files changed
tree: e0975d9ad96e39ee0b7bcbc8dbee9ba15b4afacf
  1. contrib/
  2. doc/
  3. ebtree/
  4. examples/
  5. include/
  6. src/
  7. tests/
  8. .gitignore
  9. CHANGELOG
  10. LICENSE
  11. Makefile
  12. Makefile.bsd
  13. Makefile.osx
  14. README
  15. ROADMAP
  16. SUBVERS
  17. TODO
  18. VERDATE
  19. VERSION