Changes with nginx 1.3.8 30 Oct 2012v1.3.8

    *) Feature: the "optional_no_ca" parameter of the "ssl_verify_client"
       directive.
       Thanks to Mike Kazantsev and Eric O'Connor.

    *) Feature: the $bytes_sent, $connection, and $connection_requests
       variables can now be used not only in the "log_format" directive.
       Thanks to Benjamin Grössing.

    *) Feature: the "auto" parameter of the "worker_processes" directive.

    *) Bugfix: "cache file ... has md5 collision" alert.

    *) Bugfix: in the ngx_http_gunzip_filter_module.

    *) Bugfix: in the "ssl_stapling" directive.

1 files changed, 7 insertions, 0 deletions

diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
index d1fb5739f..bf81d2529 100644
--- a/src/event/ngx_event_openssl.h
+++ b/src/event/ngx_event_openssl.h
@@ -127,6 +127,13 @@ ngx_int_t ngx_ssl_set_session(ngx_connection_t *c, ngx_ssl_session_t *session);
 #define ngx_ssl_get_server_conf(ssl_ctx)                                      \
     SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_server_conf_index)
 
+#define ngx_ssl_verify_error_optional(n)                                      \
+    (n == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT                              \
+     || n == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN                             \
+     || n == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY                     \
+     || n == X509_V_ERR_CERT_UNTRUSTED                                        \
+     || n == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE)
+
 
 ngx_int_t ngx_ssl_get_protocol(ngx_connection_t *c, ngx_pool_t *pool,
     ngx_str_t *s);