hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

MXS-2786: Require certificates when verifying peers

Browse Source 
When peer verification is enabled, clients must present a certificate.
This commit is contained in:
Markus Mäkelä
2019-12-03 10:14:16 +02:00
parent 255071efce
commit 9e9abbe8be
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
server/core/listener.cc
View File

@ -414,7 +414,7 @@ bool SSL_LISTENER_init(SSL_LISTENER* ssl)
/* Set to require peer (client) certificate verification */ /* Set to require peer (client) certificate verification */
if (ssl->ssl_verify_peer_certificate) if (ssl->ssl_verify_peer_certificate)
{ {
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL); SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
} }
/* Set the verification depth */ /* Set the verification depth */