Mercurial > hg > nginx-vendor-current

diff src/http/modules/ngx_http_ssl_module.c @ 690:b5b7eea22fda NGINX_1_3_8

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
nginx 1.3.8 *) Feature: the "optional_no_ca" parameter of the "ssl_verify_client" directive. Thanks to Mike Kazantsev and Eric O'Connor. *) Feature: the $bytes_sent, $connection, and $connection_requests variables can now be used not only in the "log_format" directive. Thanks to Benjamin Grössing. *) Feature: the "auto" parameter of the "worker_processes" directive. *) Bugfix: "cache file ... has md5 collision" alert. *) Bugfix: in the ngx_http_gunzip_filter_module. *) Bugfix: in the "ssl_stapling" directive.
author Igor Sysoev <http://sysoev.ru>
date Tue, 30 Oct 2012 00:00:00 +0400
parents f31b19fe7f48
children
line wrap: on
line diff
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -50,6 +50,7 @@ static ngx_conf_enum_t  ngx_http_ssl_ver
     { ngx_string("off"), 0 },
     { ngx_string("on"), 1 },
     { ngx_string("optional"), 2 },
+    { ngx_string("optional_no_ca"), 3 },
     { ngx_null_string, 0 }
 };
 
@@ -515,7 +516,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *
 
     if (conf->verify) {
 
-        if (conf->client_certificate.len == 0) {
+        if (conf->client_certificate.len == 0 && conf->verify != 3) {
             ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
                           "no ssl_client_certificate for ssl_client_verify");
             return NGX_CONF_ERROR;
@@ -736,7 +737,7 @@ ngx_http_ssl_init(ngx_conf_t *cf)
 
         sscf = cscfp[s]->ctx->srv_conf[ngx_http_ssl_module.ctx_index];
 
-        if (!sscf->stapling) {
+        if (sscf->ssl.ctx == NULL || !sscf->stapling) {
             continue;
         }