[pve-devel] applied: Something missing in http://pve.proxmox.com/wiki/HTTPS_Certificate_Configuration_(Version_4.x_and_newer) ?
Fabian Grünbichler
f.gruenbichler at proxmox.com
Wed Nov 23 08:41:46 CET 2016
On Tue, Nov 22, 2016 at 02:38:45PM +0100, Fabian Grünbichler wrote:
> ...
> -- >8 --
>
> Subject: [PATCH manager] fix SSL verify callback for certificate chains
>
> ignoring parts of the chain means saying they are verified,
> because the verify callback results are chained together
> starting with the highest depth.
> ---
> PVE/HTTPServer.pm | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/PVE/HTTPServer.pm b/PVE/HTTPServer.pm
> index db1faae..3460050 100755
> --- a/PVE/HTTPServer.pm
> +++ b/PVE/HTTPServer.pm
> @@ -700,7 +700,7 @@ sub proxy_request {
> verify_cb => sub {
> my (undef, undef, undef, $depth, undef, undef, $cert) = @_;
> # we don't care about intermediate or root certificates
> - return 0 if $depth != 0;
> + return 1 if $depth != 0;
> # check server certificate against cache of pinned FPs
> return check_cert_fingerprint($cert);
> },
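Review bot: the comment kept above the changed line, "# we don't care about intermediate or root certificates", no longer explains why returning 1 for $depth != 0 is safe. Per the commit message the callback results are chained, so this line now accepts every chain certificate unconditionally, and because the callback discards every argument except $depth and $cert, the depth-0 call to check_cert_fingerprint($cert) is the only trust decision left. I would reword the comment to say that, for example "# accept chain certs here; trust is decided solely by the pinned fingerprint of the leaf at depth 0", and confirm that check_cert_fingerprint returns false for an unknown or undefined $cert so that nothing falls through as verified.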
> --
> 2.1.4
>
applied. thanks Stefan Priebe for reporting the issue and catching this
so early!