-rw-r--r--src/serv-args.def7
-rw-r--r--src/serv.c2
2 files changed, 8 insertions, 1 deletions
diff --git a/src/serv-args.def b/src/serv-args.def
index 1caf7006ed..141984a52d 100644
--- a/src/serv-args.def
+++ b/src/serv-args.def
@@ -83,6 +83,13 @@ flag = {
};
flag = {
+ name = verify-client-cert;
+ disabled;
+ descrip = "If a client certificate is sent then verify it.";
+ doc = "Do not require, but if a client certificate is sent then verify it and close the connection if invalid.";
+};
+
+flag = {
name = heartbeat;
value = b;
descrip = "Activate heartbeat support";
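Review bot: The doc text for the new verify-client-cert flag says "verify it" without saying against what, and does not mention its relation to --require-client-cert, which the serv.c change in this same commit makes a superset of it (require_cert already forces the verification). I would make that explicit so users do not combine the two expecting a different effect: `doc = "Do not require a client certificate, but if one is sent verify it against the configured trust store and close the connection if it does not validate. This is implied by --require-client-cert.";`. The trust store in question is presumably the CA/CRL options already accepted by the server; confirm and name them in the text if so.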
diff --git a/src/serv.c b/src/serv.c
index 198750fbe2..ae46dd19f5 100644
--- a/src/serv.c
+++ b/src/serv.c
@@ -1182,7 +1182,7 @@ static void retry_handshake(listener_item *j)
}
if (gnutls_auth_get_type(j->tls_session) == GNUTLS_CRD_CERTIFICATE) {
- if (require_cert && cert_verify(j->tls_session, NULL, NULL) == 0) {
+ if ((require_cert || ENABLED_OPT(VERIFY_CLIENT_CERT)) && cert_verify(j->tls_session, NULL, NULL) == 0) {
do {
ret = gnutls_alert_send(j->tls_session, GNUTLS_AL_FATAL, GNUTLS_A_ACCESS_DENIED);
} while(ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN);
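Review bot: The new condition on the `if` line only adds the option to the gate and still relies on `cert_verify()` returning 0 to mean "invalid"; if `cert_verify()` also returns 0 when the peer sent no certificate at all (which is what the existing `require_cert` path needs in order to reject absent certificates), then enabling --verify-client-cert will send ACCESS_DENIED to every client that sends no certificate, making it behave exactly like --require-client-cert and contradicting the option's "do not require" documentation. `cert_verify()` is not visible here, so this should be checked; if it does not distinguish the two cases, only invoke it when a certificate is actually present, e.g. `unsigned int ncerts = 0;` / `int verify = require_cert || (ENABLED_OPT(VERIFY_CLIENT_CERT) && gnutls_certificate_get_peers(j->tls_session, &ncerts) != NULL);` / `if (verify && cert_verify(j->tls_session, NULL, NULL) == 0) {`. Either way a one-line comment on the `if` stating which return values of `cert_verify()` are treated as a failure would make the intent checkable by the next reader. retry_handshake() starts before and continues past this hunk.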