From 9d64d390c8dc9af5f626052d08eeb4a1f2dd5d2e Mon Sep 17 00:00:00 2001 From: William Lallemand Date: Fri, 26 Jun 2026 17:07:51 +0200 Subject: [PATCH] MEDIUM: httpclient: initialize the httpclient with default SSL values The current httpclient implementation does not initialize its server with the options from the global section: ciphers, ciphersuites and various SSL options are always the default of the SSL library. This patch changes the behavior and apply the ssl-default-server-* keywords to the httpclient SSL server. --- src/http_client.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/http_client.c b/src/http_client.c index fa205f0f0..c1aa99404 100644 --- a/src/http_client.c +++ b/src/http_client.c @@ -1189,6 +1189,12 @@ struct proxy *httpclient_create_proxy(const char *id) goto err; } #endif + if (ssl_sock_init_srv(srv_ssl)) { + memprintf(&errmsg, "out of memory."); + err_code |= ERR_ALERT | ERR_FATAL; + goto err; + } + srv_ssl->ssl_ctx.verify = httpclient_ssl_verify; /* if the verify is required, try to load the system CA */ if (httpclient_ssl_verify == SSL_SOCK_VERIFY_REQUIRED) {