add `verifyname' option for `proxy' rule

This commit is contained in:
Omar Polo 2022-01-01 18:50:10 +00:00
parent 7bdcc91ec7
commit 5128c0b0e3
3 changed files with 9 additions and 0 deletions

1
gmid.h
View File

@ -100,6 +100,7 @@ extern struct fcgi fcgi[FCGI_MAX];
struct proxy {
char *host;
const char *port;
int noverifyname;
uint8_t *cert;
size_t certlen;
uint8_t *key;

View File

@ -125,6 +125,7 @@ typedef struct {
%token RELAY_TO REQUIRE RETURN ROOT
%token SERVER SPAWN STRIP
%token TCP TOEXT TYPE USER
%token VERIFYNAME
%token ERROR
@ -327,6 +328,9 @@ proxy_opt : CERT string {
yyerror("proxy port is %s: %s", errstr,
p->port);
}
| VERIFYNAME bool {
host->proxy.noverifyname = !$2;
}
;
locations : /* empty */
@ -468,6 +472,7 @@ static struct keyword {
{"to-ext", TOEXT},
{"type", TYPE},
{"user", USER},
{"verifyname", VERIFYNAME},
};
void

View File

@ -292,6 +292,9 @@ proxy_init(struct client *c)
if ((conf = tls_config_new()) == NULL)
return -1;
if (p->noverifyname)
tls_config_insecure_noverifyname(conf);
/* TODO: tls_config_set_protocols here */
tls_config_insecure_noverifycert(conf);