SSL: added verify callback to ngx_ssl_trusted_certificate().

This ensures that certificate verification is properly logged to debug
log during upstream server certificate verification.  This should help
with debugging various certificate issues.

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 264d4e7a4cfabf89b6d29c8c8a4c242ef19f10f8..c1d5d6a43b35dc8f9856380b1c2d20b3a05a4fce 100644 (file)
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -920,6 +920,8 @@ ngx_int_t
 ngx_ssl_trusted_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert,
     ngx_int_t depth)
 {
+    SSL_CTX_set_verify(ssl->ctx, SSL_VERIFY_PEER, ngx_ssl_verify_callback);
+
     SSL_CTX_set_verify_depth(ssl->ctx, depth);
 
     if (cert->len == 0) {