nginx-0.3.56-RELEASE importrelease-0.3.56

    *) Feature: the "dav_access" directive.

    *) Feature: the "if" directive supports the "-d", "!-d", "-e", "!-e",
       "-x", and "!-x" operators.

    *) Bugfix: a segmentation fault occurred if a request returned a
       redirect and some sent to client header lines were logged in the
       access log.

1 files changed, 10 insertions, 1 deletions

diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c
index 8c78e0f95..344f61361 100644
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -17,6 +17,7 @@ typedef u_char *(*ngx_ssl_variable_handler_pt)(ngx_connection_t *);
 #define NGX_DEFLAUT_CIPHERS  "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
 
 
+static int ngx_http_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store);
 static ngx_int_t ngx_http_ssl_variable(ngx_http_request_t *r,
     ngx_http_variable_value_t *v, uintptr_t data);
 static ngx_int_t ngx_http_ssl_client_s_dn(ngx_http_request_t *r,
@@ -384,7 +385,8 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
     }
 
     if (conf->verify) {
-        SSL_CTX_set_verify(conf->ssl.ctx, NGX_SSL_VERIFY, NULL);
+        SSL_CTX_set_verify(conf->ssl.ctx, NGX_SSL_VERIFY,
+                           ngx_http_ssl_verify_callback);
 
         SSL_CTX_set_verify_depth(conf->ssl.ctx, conf->verify_depth);
 
@@ -422,6 +424,13 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
 }
 
 
+static int
+ngx_http_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store)
+{
+    return 1;
+}
+
+
 #if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE)
 
 static char *