---- h2o-2.2.2/./CMakeLists.txt~ 2017-04-23 06:26:35.000000000 +0300
-+++ h2o-2.2.2/./CMakeLists.txt 2017-09-29 15:26:44.945814814 +0300
+--- h2o-2.2.2/CMakeLists.txt~ 2017-04-23 06:26:35.000000000 +0300
++++ h2o-2.2.2/CMakeLists.txt 2017-09-29 15:26:44.945814814 +0300
@@ -495,7 +495,6 @@
ENDIF ()
INSTALL(FILES share/h2o/status/index.html DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/h2o/status)
INSTALL(DIRECTORY doc/ DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/doc/h2o PATTERN "Makefile" EXCLUDE PATTERN "README.md" EXCLUDE)
INSTALL(DIRECTORY examples/ DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/doc/h2o/examples)
---- h2o-2.2.2/./lib/handler/configurator/proxy.c~ 2017-04-23 06:26:35.000000000 +0300
-+++ h2o-2.2.2/./lib/handler/configurator/proxy.c 2017-09-29 15:27:40.468710510 +0300
-@@ -298,7 +298,7 @@
+--- h2o-2.2.2/lib/handler/configurator/proxy.c 2017-09-29 15:27:40.468710510 +0300
++++ h2o-2.2.2/lib/handler/configurator/proxy.c 2017-09-29 16:26:31.316113990 +0300
+@@ -298,11 +298,10 @@
if (ctx->pathconf == NULL && ctx->hostconf == NULL) {
/* is global conf, setup the default SSL context */
self->vars->ssl_ctx = create_ssl_ctx();
- char *ca_bundle = h2o_configurator_get_cmd_path("share/h2o/ca-bundle.crt");
-+ char *ca_bundle = "/etc/certs/ca-certificates.crt";
++ const char *ca_bundle = "/etc/certs/ca-certificates.crt";
if (SSL_CTX_load_verify_locations(self->vars->ssl_ctx, ca_bundle, NULL) != 1)
fprintf(stderr, "Warning: failed to load the default certificates file at %s. Proxying to HTTPS servers may fail.\n",
ca_bundle);
+- free(ca_bundle);
+ SSL_CTX_set_verify(self->vars->ssl_ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
+ h2o_cache_t *ssl_session_cache =
+ create_ssl_session_cache(H2O_DEFAULT_PROXY_SSL_SESSION_CACHE_CAPACITY, H2O_DEFAULT_PROXY_SSL_SESSION_CACHE_DURATION);