projects / haproxy-3.0.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 19b1412) | patch
MEDIUM: boringssl: support native multi-cert selection without bundling
authorEmmanuel Hocdet <manu@gandi.net>
Mon, 20 Feb 2017 15:11:50 +0000 (16:11 +0100)
committerWilly Tarreau <w@1wt.eu>
Thu, 2 Mar 2017 17:31:05 +0000 (18:31 +0100)
commit0594211987351eaf521577b798a3a461b043710c
tree86bdaf89329ce7e93d644a26561a3ef58c83fecetree | snapshot
parent19b1412e021451d4c7ac39750b556efaaf8639bfcommit | diff
MEDIUM: boringssl: support native multi-cert selection without bundling

This patch used boringssl's callback to analyse CLientHello before any
handshake to extract key signature capabilities.
Certificat with better signature (ECDSA before RSA) is choosed
transparenty, if client can support it. RSA and ECDSA certificates can
be declare in a row (without order). This makes it possible to set
different ssl and filter parameter with crt-list.
doc/configuration.txt diff | blob | history
include/types/ssl_sock.h diff | blob | history
src/ssl_sock.c diff | blob | history
haproxy-3.0 public tree. Stable production code.