SSL: added verify callback to ngx_ssl_trusted_certificate().

This ensures that certificate verification is properly logged to debug log during upstream server certificate verification. This should help with debugging various certificate issues.
author: Maxim Dounin <mdounin@mdounin.ru> 2020-06-03 19:11:32 +0300
committer: Maxim Dounin <mdounin@mdounin.ru> 2020-06-03 19:11:32 +0300
commit: 2d4f04bba0613292d8b51bf0de959e88afc72c54 (patch)
tree: ac551c208648bf89a24b23c29336374e0ca7be92
parent: 9c3ac44de268f0cf057bc5dd67929e74c9bbc3e3 (diff)
download: nginx-2d4f04bba0613292d8b51bf0de959e88afc72c54.tar.gz
nginx-2d4f04bba0613292d8b51bf0de959e88afc72c54.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 264d4e7a4..c1d5d6a43 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -920,6 +920,8 @@ ngx_int_t
 ngx_ssl_trusted_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert,
     ngx_int_t depth)
 {
+    SSL_CTX_set_verify(ssl->ctx, SSL_VERIFY_PEER, ngx_ssl_verify_callback);
+
     SSL_CTX_set_verify_depth(ssl->ctx, depth);
 
     if (cert->len == 0) {
author	Maxim Dounin <mdounin@mdounin.ru>	2020-06-03 19:11:32 +0300
committer	Maxim Dounin <mdounin@mdounin.ru>	2020-06-03 19:11:32 +0300
commit	2d4f04bba0613292d8b51bf0de959e88afc72c54 (patch)
tree	ac551c208648bf89a24b23c29336374e0ca7be92
parent	9c3ac44de268f0cf057bc5dd67929e74c9bbc3e3 (diff)
download	nginx-2d4f04bba0613292d8b51bf0de959e88afc72c54.tar.gz nginx-2d4f04bba0613292d8b51bf0de959e88afc72c54.zip