mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2025-09-01 03:51:28 +02:00
81c00f0a7a
Allow to ignore some verify errors and to let them pass the handshake. Add option 'crt-ignore-err <list>' Ignore verify errors at depth == 0 (client certificate) <list> is string 'all' or a comma separated list of verify error IDs (see http://www.openssl.org/docs/apps/verify.html) Add option 'ca-ignore-err <list>' Same as 'crt-ignore-err' for all depths > 0 (CA chain certs) Ex ignore all errors on CA and expired or not-yet-valid errors on client certificate: bind 0.0.0.0:443 ssl crt crt.pem verify required cafile ca.pem ca-ignore-err all crt-ignore-err 10,9