annotate auto/stubs @ 7975:3dcb1aba894a

SSL: fixed unexpected certificate requests (ticket #2008). Using SSL_CTX_set_verify(SSL_VERIFY_PEER) implies that OpenSSL will send a certificate request during an SSL handshake, leading to unexpected certificate requests from browsers as long as there are any client certificates installed. Given that ngx_ssl_trusted_certificate() is called unconditionally by the ngx_http_ssl_module, this affected all HTTPS servers. Broken by 699f6e55bbb4 (not released yet). Fix is to set verify callback in the ngx_ssl_trusted_certificate() function without changing the verify mode.
author Maxim Dounin <mdounin@mdounin.ru>
date Mon, 29 Jun 2020 17:15:51 +0300
parents d620f497c50f
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
455
295d97d70c69 nginx-0.1.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
1
295d97d70c69 nginx-0.1.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
2 # Copyright (C) Igor Sysoev
4412
d620f497c50f Copyright updated.
Maxim Konovalov <maxim@nginx.com>
parents: 2746
diff changeset
3 # Copyright (C) Nginx, Inc.
455
295d97d70c69 nginx-0.1.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
4
295d97d70c69 nginx-0.1.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
5
295d97d70c69 nginx-0.1.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
6 have=NGX_SUPPRESS_WARN . auto/have
295d97d70c69 nginx-0.1.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
7
295d97d70c69 nginx-0.1.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
8 have=NGX_SMP . auto/have