From 7b7872ccf7b7695a382528c5b7397ac6a26e0f86 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Martin=20Zu=CC=88rn?=
Date: Fri, 5 May 2017 10:26:48 +0200
Subject: [PATCH 1/2] Added lua_ssl_trusted_certificate and lua_ssl_verify_depth configuration options
---
 config/default.yml | 2 ++
 templates/etc/nginx/router.conf.mustache | 2 ++
 2 files changed, 4 insertions(+)
diff --git a/config/default.yml b/config/default.yml
index f1bd3d087..6fa275a0e 100644
--- a/config/default.yml
+++ b/config/default.yml
@@ -28,6 +28,8 @@ nginx:
 ssl_buffer_size: 1400
 ssl_prefer_server_ciphers: "on"
 ssl_ecdh_curve: secp384r1
+ lua_ssl_trusted_certificate:
+ lua_ssl_verify_depth: 1
 dyups:
 host: 127.0.0.1
 port: 14005
diff --git a/templates/etc/nginx/router.conf.mustache b/templates/etc/nginx/router.conf.mustache
index 0842a5d8d..6fc441ac7 100644
--- a/templates/etc/nginx/router.conf.mustache
+++ b/templates/etc/nginx/router.conf.mustache
@@ -55,6 +55,8 @@ http {
 lua_shared_dict resolved_hosts {{nginx.shared_dicts.resolved_hosts.size}};
 lua_shared_dict stats {{nginx.shared_dicts.stats.size}};
 lua_shared_dict upstream_checksums {{nginx.shared_dicts.upstream_checksums.size}};
+ lua_ssl_trusted_certificate {{nginx.lua_ssl_trusted_certificate}};
+ lua_ssl_verify_depth {{nginx.lua_ssl_verify_depth}};
 {{#dns_resolver._nameservers_nginx}}
 resolver {{dns_resolver._nameservers_nginx}};
From 04011476f6726ddf6108b3d30e44823b0e4f83b1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Martin=20Zu=CC=88rn?=
Date: Fri, 5 May 2017 10:36:02 +0200
Subject: [PATCH 2/2] Wrapped lua_ssl_trusted_certificate in if
---
 templates/etc/nginx/router.conf.mustache | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/templates/etc/nginx/router.conf.mustache b/templates/etc/nginx/router.conf.mustache
index 6fc441ac7..ef3286cc1 100644
--- a/templates/etc/nginx/router.conf.mustache
+++ b/templates/etc/nginx/router.conf.mustache
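Review bot: In config/default.yml the new `lua_ssl_trusted_certificate:` and `lua_ssl_verify_depth: 1` keys under `nginx:` are added without any comment, and the empty default leaves Lua cosocket TLS with no trust store, so a handshake that requests verification has nothing to validate against. I would document that above the key, e.g. `# PEM CA bundle for verifying TLS peers of Lua cosockets; empty = no trust store configured`. A depth of 1 matches the lua-nginx-module default but may be too shallow for chains with more than one intermediate CA, which is worth a second comment next to the value. The `nginx:` mapping starts and continues outside the hunk.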
@@ -55,8 +55,10 @@ http {
 lua_shared_dict resolved_hosts {{nginx.shared_dicts.resolved_hosts.size}};
 lua_shared_dict stats {{nginx.shared_dicts.stats.size}};
 lua_shared_dict upstream_checksums {{nginx.shared_dicts.upstream_checksums.size}};
+ {{#nginx.lua_ssl_trusted_certificate}}
 lua_ssl_trusted_certificate {{nginx.lua_ssl_trusted_certificate}};
 lua_ssl_verify_depth {{nginx.lua_ssl_verify_depth}};
+ {{/nginx.lua_ssl_trusted_certificate}}
 {{#dns_resolver._nameservers_nginx}}
 resolver {{dns_resolver._nameservers_nginx}};
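Review bot: The `lua_ssl_trusted_certificate` line inside the new `{{#nginx.lua_ssl_trusted_certificate}}` section only supplies a CA bundle; it does not by itself make Lua code verify peers, because in lua-nginx-module the `ssl_verify` argument of `tcpsock:sslhandshake` defaults to false. A comment above the directive would keep operators from assuming that setting the option enables verification, e.g. `# CA bundle for Lua cosocket TLS; callers must still request verification (ssl_verify)`. The value is also rendered unquoted, so a path containing whitespace would presumably split into extra directive arguments; `lua_ssl_trusted_certificate "{{nginx.lua_ssl_trusted_certificate}}";` avoids that. The `http {` block starts and ends outside the hunk.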