nginx-vendor-current: src/http/modules/ngx_http_ssl

comparison src/http/modules/ngx_http_ssl_module.c @ 690:b5b7eea22fda NGINX_1_3_8

nginx 1.3.8 *) Feature: the "optional_no_ca" parameter of the "ssl_verify_client" directive. Thanks to Mike Kazantsev and Eric O'Connor. *) Feature: the $bytes_sent, $connection, and $connection_requests variables can now be used not only in the "log_format" directive. Thanks to Benjamin Grössing. *) Feature: the "auto" parameter of the "worker_processes" directive. *) Bugfix: "cache file ... has md5 collision" alert. *) Bugfix: in the ngx_http_gunzip_filter_module. *) Bugfix: in the "ssl_stapling" directive.

author	Igor Sysoev <http://sysoev.ru>
date	Tue, 30 Oct 2012 00:00:00 +0400
parents	f31b19fe7f48
children

comparison

equal deleted inserted replaced

-:4d942f0d1703
+:b5b7eea22fda
 static ngx_conf_enum_t  ngx_http_ssl_verify[] = {
 { ngx_string("off"), 0 },
 { ngx_string("on"), 1 },
 { ngx_string("optional"), 2 },
+{ ngx_string("optional_no_ca"), 3 },
 { ngx_null_string, 0 }
 };
 static ngx_command_t  ngx_http_ssl_commands[] = {
 &conf->ciphers);
 }
 if (conf->verify) {
-if (conf->client_certificate.len == 0) {
+if (conf->client_certificate.len == 0 && conf->verify != 3) {
 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
 "no ssl_client_certificate for ssl_client_verify");
 return NGX_CONF_ERROR;
 }
 for (s = 0; s < cmcf->servers.nelts; s++) {
 sscf = cscfp[s]->ctx->srv_conf[ngx_http_ssl_module.ctx_index];
-if (!sscf->stapling) {
+if (sscf->ssl.ctx == NULL || !sscf->stapling) {
 continue;
 }
 clcf = cscfp[s]->ctx->loc_conf[ngx_http_core_module.ctx_index];

Mercurial > hg > nginx-vendor-current

comparison src/http/modules/ngx_http_ssl_module.c @ 690:b5b7eea22fda NGINX_1_3_8