| commit | 850efd5149c06087b76c52311fb5ee0794413f50 | [log] [tgz] |
|---|---|---|
| author | Emeric Brun <ebrun@exceliance.fr> | Wed Jan 29 12:24:34 2014 +0100 |
| committer | Willy Tarreau <w@1wt.eu> | Wed Jan 29 17:08:15 2014 +0100 |
| tree | 70f74fc48b64c3494504d9384ed455b9118cd392 | |
| parent | 59ad1a2e7584669d591ccd290fd027e8c190ebe4 [diff] |
MEDIUM: ssl: Set verify 'required' as global default for servers side. If no CA file specified on a server line, the config parser will show an error. Adds an cmdline option '-dV' to re-set verify 'none' as global default on servers side (previous behavior). Also adds 'ssl-server-verify' global statement to set global default to 'none' or 'required'. WARNING: this changes the default verify mode from "none" to "required" on the server side, and it *will* break insecure setups.