mirror of
https://github.com/haproxy/haproxy.git
synced 2026-02-22 01:10:38 -05:00
bc2c386992
If the first active line of a crt-list file is also the first mentioned certificate of a frontend that does not have the strict-sni option enabled, then its certificate will be used as the default one. We then do not want this instance to be removable since it would make a frontend lose its default certificate. Considering that a crt-list file can be used by multiple frontends, and that its first mentioned certificate can be used as default certificate for only a subset of those frontends, we do not want the line to be removable for some frontends and not the others. So if any of the ckch instances corresponding to a crt-list line is a default instance, the removal of the crt-list line will be forbidden. It can be backported as far as 2.2. |
||
|---|---|---|
| .. | ||
| add_ssl_crt-list.vtc | ||
| ca-auth.crt | ||
| client1.pem | ||
| client2_expired.pem | ||
| client3_revoked.pem | ||
| common.crt | ||
| common.key | ||
| common.pem | ||
| crl-auth.pem | ||
| del_ssl_crt-list.vtc | ||
| ecdsa.crt | ||
| ecdsa.key | ||
| ecdsa.pem | ||
| filters.crt-list | ||
| localhost.crt-list | ||
| README | ||
| set_default_cert.crt-list | ||
| set_default_cert.pem | ||
| set_ssl_cert.vtc | ||
| set_ssl_cert_noext.vtc | ||
| set_ssl_server_cert.vtc | ||
| simple.crt-list | ||
| ssl_client_auth.vtc | ||
| ssl_client_samples.vtc | ||
| ssl_crt-list_filters.vtc | ||
| ssl_frontend_samples.vtc | ||
| ssl_server_samples.vtc | ||
| ssl_simple_crt-list.vtc | ||
| wrong_ctx_storage.vtc | ||
File list: - common.pem: PEM file which may be used by most of the VTC files.