Mercurial > hg > nginx-quic
comparison src/event/ngx_event_openssl.h @ 4904:c3b276283e4a stable-1.2
Merge of r4885: ssl_verify_client optional_no_ca.
SSL: the "ssl_verify_client" directive parameter "optional_no_ca".
This parameter allows to don't require certificate to be signed by
a trusted CA, e.g. if CA certificate isn't known in advance, like in
WebID protocol.
Note that it doesn't add any security unless the certificate is actually
checked to be trusted by some external means (e.g. by a backend).
Patch by Mike Kazantsev, Eric O'Connor.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 13 Nov 2012 10:42:16 +0000 |
parents | d620f497c50f |
children |
comparison
equal
deleted
inserted
replaced
4903:dcbb7989b5b5 | 4904:c3b276283e4a |
---|---|
118 #define ngx_ssl_get_connection(ssl_conn) \ | 118 #define ngx_ssl_get_connection(ssl_conn) \ |
119 SSL_get_ex_data(ssl_conn, ngx_ssl_connection_index) | 119 SSL_get_ex_data(ssl_conn, ngx_ssl_connection_index) |
120 #define ngx_ssl_get_server_conf(ssl_ctx) \ | 120 #define ngx_ssl_get_server_conf(ssl_ctx) \ |
121 SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_server_conf_index) | 121 SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_server_conf_index) |
122 | 122 |
123 #define ngx_ssl_verify_error_optional(n) \ | |
124 (n == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT \ | |
125 || n == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN \ | |
126 || n == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY \ | |
127 || n == X509_V_ERR_CERT_UNTRUSTED \ | |
128 || n == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE) | |
129 | |
123 | 130 |
124 ngx_int_t ngx_ssl_get_protocol(ngx_connection_t *c, ngx_pool_t *pool, | 131 ngx_int_t ngx_ssl_get_protocol(ngx_connection_t *c, ngx_pool_t *pool, |
125 ngx_str_t *s); | 132 ngx_str_t *s); |
126 ngx_int_t ngx_ssl_get_cipher_name(ngx_connection_t *c, ngx_pool_t *pool, | 133 ngx_int_t ngx_ssl_get_cipher_name(ngx_connection_t *c, ngx_pool_t *pool, |
127 ngx_str_t *s); | 134 ngx_str_t *s); |