Project

General

Profile

Actions

Feature #8228

closed

HAProxy ssl verify none

Added by Zoltan Beck about 7 years ago. Updated about 7 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
haproxy
Target version:
-
Start date:
12/20/2017
Due date:
% Done:

0%

Estimated time:
Plus Target Version:

Description

Dear All,

I've a strange issue with HAProxy serving HTTPS pages and phones with Android/Chrome. THe issue is the same as described in the following forum: https://stackoverflow.com/questions/19311094/certificate-issue-ssl-page-brings-up-you-need-to-set-a-lock-screen-pin-or-pass.
Regarding to the documentation of HAProxy I need to set up the "verify" option to none:

"verify [none|optional|required]
This setting is only available when support for OpenSSL was built in. If set
to 'none', client certificate is not requested. This is the default. In other
cases, a client certificate is requested. If the client does not provide a
certificate after the request and if 'verify' is set to 'required', then the
handshake is aborted, while it would have succeeded if set to 'optional'. The
certificate provided by the client is always verified using CAs from
'ca-file' and optional CRLs from 'crl-file'. On verify failure the handshake
is aborted, regardless of the 'verify' option, unless the error code exactly
matches one of those listed with 'ca-ignore-err' or 'crt-ignore-err'."

In the HAProxy package if I set the option "Allows clients without a certificate to connect." then in the config will appears the "SSL verify optional", but I need "SSL verify none". Can you please add one more option for this in the GUI?
Kind Regards,
bzg

Files

pfsense_1.png (170 KB) pfsense_1.png Zoltan Beck, 12/20/2017 12:46 PM
pfsense_2.png (146 KB) pfsense_2.png Zoltan Beck, 12/20/2017 12:55 PM
Actions

Also available in: Atom PDF