upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-02-03 20:39:41 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
haproxy/include
History
William Lallemand 0bf9d122a9 MEDIUM: ssl: generate '*' SNI filters for default certificates 
This patch follows the previous one about default certificate selection
("MEDIUM: ssl: allow multiple fallback certificate to allow ECDSA/RSA
selection").

This patch generates '*" SNI filters for the first certificate of a
bind line, it will be used to match default certificates. Instead of
setting the default_ctx pointer in the bind line.

Since the filters are in the SNI tree, it allows to have multiple
default certificate and restore the ecdsa/rsa selection with a
multi-cert bundle.

This configuration:
   # foobar.pem.ecdsa and foobar.pem.rsa
   bind *:8443 ssl crt foobar.pem crt next.pem

will use "foobar.pem.ecdsa" and "foobar.pem.rsa" as default
certificates.

Note: there is still cleanup needed around default_ctx.

This was discussed in github issue #2392.
2024-01-12 17:40:42 +01:00
..
haproxy MEDIUM: ssl: generate '*' SNI filters for default certificates 2024-01-12 17:40:42 +01:00
import IMPORT: ebtree: make string_equal_bits() return an unsigned 2024-01-06 13:35:42 +01:00
make BUILD: makefile: fix build issue on GNU make < 3.82 2023-05-24 15:51:03 +02:00