walkero
/
nghttp2
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

nghttpx: Send acceptable list of CAs when client cert auth is enabled

This commit is contained in:
Tatsuhiro Tsujikawa 2014-01-09 00:07:51 +09:00
parent c36ce28f69
commit a15fc5fbb4
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/shrpx_ssl.cc
View File

@ -276,6 +276,18 @@ SSL_CTX* create_ssl_context(const char *private_key_file,
<< ERR_error_string(ERR_get_error(), nullptr); << ERR_error_string(ERR_get_error(), nullptr);
DIE(); DIE();
} }
// It is heard that SSL_CTX_load_verify_locations() may leave
// error even though it returns success. See
// http://forum.nginx.org/read.php?29,242540
ERR_clear_error();
auto list = SSL_load_client_CA_file(get_config()->verify_client_cacert);
if(!list) {
LOG(FATAL) << "Could not load ca certificates from "
<< get_config()->verify_client_cacert << ": "
<< ERR_error_string(ERR_get_error(), nullptr);
DIE();
}
SSL_CTX_set_client_CA_list(ssl_ctx, list);
} }
SSL_CTX_set_verify(ssl_ctx, SSL_CTX_set_verify(ssl_ctx,
SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE | SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE |