MINOR: ssl: Add statement 'verifyhost' to "server" statements verifyhost allows you to specify a hostname that the remote server's SSL certificate must match. Connections that don't match will be closed with an SSL error.

commit: be55431f9f4910de2d02922cabfd0ed2f0e7a776 [log] [tgz]
author: Evan Broder <evan@stripe.com> Thu Jun 27 00:05:25 2013 -0700
committer: Willy Tarreau <w@1wt.eu> Sun Sep 01 07:55:49 2013 +0200
tree: ce1ff640760a8ef5ed78f687b1d55ed7541152f0
parent: f3a3e1389e40434da9e1fc295be6ff5a8037effb [diff] [blame]
diff --git a/doc/configuration.txt b/doc/configuration.txt
index 4bb2572..37d16cb 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt

@@ -8100,6 +8100,16 @@
 
   Supported in default-server: No
 
+verifyhost <hostname>
+  This setting is only available when support for OpenSSL was built in, and
+  only takes effect if 'verify required' is also specified. When set, the
+  hostnames in the subject and subjectAlternateNames of the certificate
+  provided by the server are checked. If none of the hostnames in the
+  certificate match the specified hostname, the handshake is aborted. The
+  hostnames in the server-provided certificate may include wildcards.
+
+  Supported in default-server: No
+
 weight <weight>
   The "weight" parameter is used to adjust the server's weight relative to
   other servers. All servers will receive a load proportional to their weight
commit	be55431f9f4910de2d02922cabfd0ed2f0e7a776	[log] [tgz]
author	Evan Broder <evan@stripe.com>	Thu Jun 27 00:05:25 2013 -0700
committer	Willy Tarreau <w@1wt.eu>	Sun Sep 01 07:55:49 2013 +0200
tree	ce1ff640760a8ef5ed78f687b1d55ed7541152f0
parent	f3a3e1389e40434da9e1fc295be6ff5a8037effb [diff] [blame]