ssl_verify_depth is now fast option

2025-12-23 15:42:08 +03:00 · 2016-12-28 06:56:50 +01:00
parent 3f3ff09ec6
commit a247e01807
4 changed files with 4 additions and 8 deletions
--- a/src/httplib_config_options.c
+++ b/src/httplib_config_options.c
@@ -54,7 +54,6 @@ struct httplib_option XX_httplib_config_options[] = {
 	{ "hide_files_patterns",         CONFIG_TYPE_EXT_PATTERN, NULL                                                               },
 	{ "ssl_ca_path",                 CONFIG_TYPE_DIRECTORY,   NULL                                                               },
 	{ "ssl_ca_file",                 CONFIG_TYPE_FILE,        NULL                                                               },
-	{ "ssl_verify_depth",            CONFIG_TYPE_NUMBER,      "9"                                                                },
 	{ "ssl_cipher_list",             CONFIG_TYPE_STRING,      NULL                                                               },
 	{ "ssl_protocol_version",        CONFIG_TYPE_NUMBER,      "0"                                                                },
 	{ "websocket_root",              CONFIG_TYPE_DIRECTORY,   NULL                                                               },
--- a/src/httplib_main.h
+++ b/src/httplib_main.h
@@ -413,7 +413,6 @@ enum {
 	HIDE_FILES,
 	SSL_CA_PATH,
 	SSL_CA_FILE,
-	SSL_VERIFY_DEPTH,
 	SSL_CIPHER_LIST,
 	SSL_PROTOCOL_VERSION,
 	WEBSOCKET_ROOT,
@@ -600,6 +599,7 @@ struct httplib_context {
 #endif
 	int	num_threads;
 	int	request_timeout;
+	int	ssl_verify_depth;
 	int	static_file_max_age;
 	int	websocket_timeout;

--- a/src/httplib_set_ssl_option.c
+++ b/src/httplib_set_ssl_option.c
@@ -42,7 +42,6 @@ bool XX_httplib_set_ssl_option( struct httplib_context *ctx ) {

 	const char *pem;
 	int callback_ret;
-	int verify_depth;
 	time_t now_rt;
 	struct timespec now_mt;
 	md5_byte_t ssl_context_id[16];
@@ -154,11 +153,7 @@ bool XX_httplib_set_ssl_option( struct httplib_context *ctx ) {
 			return false;
 		}

-		if ( ctx->cfg[SSL_VERIFY_DEPTH] != NULL ) {
-
-			verify_depth = atoi( ctx->cfg[SSL_VERIFY_DEPTH] );
-			SSL_CTX_set_verify_depth( ctx->ssl_ctx, verify_depth );
-		}
+		SSL_CTX_set_verify_depth( ctx->ssl_ctx, ctx->ssl_verify_depth );
 	}

 	if ( ctx->cfg[SSL_CIPHER_LIST] != NULL ) {
--- a/src/httplib_start.c
+++ b/src/httplib_start.c
@@ -289,6 +289,7 @@ static bool process_options( struct httplib_context *ctx, const struct httplib_o
 	ctx->num_threads              = 50;
 	ctx->request_timeout          = 30000;
 	ctx->ssl_short_trust          = false;
+	ctx->ssl_verify_depth         = 9;
 	ctx->ssl_verify_paths         = true;
 	ctx->ssl_verify_peer          = false;
 	ctx->static_file_max_age      = 0;
@@ -303,6 +304,7 @@ static bool process_options( struct httplib_context *ctx, const struct httplib_o
 		if ( check_int(  ctx, options, "num_threads",              & ctx->num_threads,              1, INT_MAX ) ) return true;
 		if ( check_int(  ctx, options, "request_timeout",          & ctx->request_timeout,          0, INT_MAX ) ) return true;
 		if ( check_bool( ctx, options, "ssl_short_trust",          & ctx->ssl_short_trust                      ) ) return true;
+		if ( check_int(  ctx, options, "ssl_verify_depth",         & ctx->ssl_verify_depth,         0, 9       ) ) return true;
 		if ( check_bool( ctx, options, "ssl_verify_paths",         & ctx->ssl_verify_paths                     ) ) return true;
 		if ( check_bool( ctx, options, "ssl_verify_peer",          & ctx->ssl_verify_peer                      ) ) return true;
 		if ( check_int(  ctx, options, "static_file_max_age",      & ctx->static_file_max_age,      0, INT_MAX ) ) return true;