From 00063098c1e435985f7caf42138d6674b4e29bb3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stefan=20B=C3=BChler?= <stbuehler@web.de>
Date: Sat, 19 Mar 2016 13:27:13 +0000
Subject: [PATCH] [ssl] support disabling ssl.verifyclient.activate in SNI
 callback (fixes #2531)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3107 152afb58-edef-0310-8abb-c4023f1b3aa9
---
 NEWS          | 1 +
 src/network.c | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/NEWS b/NEWS
index 758c30d3..eb11925c 100644
--- a/NEWS
+++ b/NEWS
@@ -35,6 +35,7 @@ NEWS
   * [core] more careful parse of $SERVER["socket"] config str (prepare #2204)
   * [core] accept $SERVER["socket"] without port, use server.port as fallback (fixes #2204)
   * [mod_magnet] define lua_pushglobaltable (for lua5.1) and use it (fixes #2719)
+  * [ssl] support disabling ssl.verifyclient.activate in SNI callback (fixes #2531)
 
 - 1.4.39 - 2016-01-02
   * [core] fix memset_s call (fixes #2698)
diff --git a/src/network.c b/src/network.c
index 017d77dd..a6022e81 100644
--- a/src/network.c
+++ b/src/network.c
@@ -151,6 +151,8 @@ static int network_ssl_servername_callback(SSL *ssl, int *al, server *srv) {
 			NULL
 		);
 		SSL_set_verify_depth(ssl, con->conf.ssl_verifyclient_depth);
+	} else {
+		SSL_set_verify(ssl, SSL_VERIFY_NONE, NULL);
 	}
 
 	return SSL_TLSEXT_ERR_OK;