From f1344b3cee9c190f0cf4081b72e0544c47f3eb11 Mon Sep 17 00:00:00 2001 From: William Lallemand Date: Tue, 26 Apr 2022 12:00:06 +0200 Subject: [PATCH] MEDIUM: httpclient: re-enable the verify by default Since the httpclient verify now has a fallback which disable the SSL in the httpclient without exiting haproxy at startup, we can safely re-enable it by default. It could still be disabled with "httpclient-ssl-verify none". --- src/http_client.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/http_client.c b/src/http_client.c index 52255beca..69add1a6e 100644 --- a/src/http_client.c +++ b/src/http_client.c @@ -41,7 +41,7 @@ static struct proxy *httpclient_proxy; static struct server *httpclient_srv_raw; #ifdef USE_OPENSSL static struct server *httpclient_srv_ssl; -static int httpclient_ssl_verify = SSL_SOCK_VERIFY_NONE; +static int httpclient_ssl_verify = SSL_SOCK_VERIFY_REQUIRED; #endif static struct applet httpclient_applet;