SquaresDB: At least verify the CA is valid
author Alex Dehnert <alex@dehnerts.com>
Fri, 9 Jul 2021 00:10:20 +0000 (20:10 -0400)
committer Alex Dehnert <alex@dehnerts.com>
Fri, 9 Jul 2021 00:10:20 +0000 (20:10 -0400)
Without checking the name, this is fairly worthless, but at least if we enable
name checking the rest will work already.

sites-available/mit-proxy.conf

index b6cd08173cc61dd9262be7e0747cc236ca201848..b3d06f6e24c184f617e01894426f40001cddd1cb 100644 (file)
@@ -14,6 +14,9 @@
 <VirtualHost *:443>
     ServerName squaresdb.dehnerts.com
     SSLProxyEngine on
+    SSLProxyVerify require
+    SSLProxyVerifyDepth 2
+    SSLProxyCACertificatePath /etc/ssl/certs
     # Really I want to validate that the name matches squaresdb.dehnerts.com,
     # but apparently that's not a thing, AFAICT.
     SSLProxyCheckPeerName off
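
Review bot: With `SSLProxyCheckPeerName off` left in place on the last context line, the new `SSLProxyVerify require` accepts a backend certificate issued for any hostname, provided it chains to any CA under `/etc/ssl/certs`. That path is the full system trust store, so the check only excludes self-signed or untrusted-issuer certificates. Consider narrowing the trust anchor instead, for example pointing `SSLProxyCACertificateFile` at only the CA expected to issue the backend's certificate, which limits who can mint an acceptable certificate until name checking is turned on. It would also help to extend the existing comment to state what is and is not verified after this change, so that a later reader does not take `SSLProxyVerify require` to mean the peer is authenticated.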