Repositories - haproxy-2.1.git/commit

author	Dave McCowan <11235david@gmail.com>
	Wed, 30 Jul 2014 14:39:13 +0000 (10:39 -0400)
committer	Willy Tarreau <w@1wt.eu>
	Sat, 23 Aug 2014 05:35:29 +0000 (07:35 +0200)
commit	328fb58d745c03a0dc706da9e2fcd4e9f860a14b
tree	859dabc562c51040df29fc2031ca0121dd72a33c	tree \| snapshot
parent	7566e30477bf5ea4206bda5950d2d83108c4a3dc	commit \| diff

MEDIUM: connection: add new bit in Proxy Protocol V2

There are two sample commands to get information about the presence of a
client certificate.
ssl_fc_has_crt is true if there is a certificate present in the current
connection
ssl_c_used is true if there is a certificate present in the session.
If a session has stopped and resumed, then ssl_c_used could be true, while
ssl_fc_has_crt is false.

In the client byte of the TLS TLV of Proxy Protocol V2, there is only one
bit to indicate whether a certificate is present on the connection. The
attached patch adds a second bit to indicate the presence for the session.

This maintains backward compatibility.

[wt: this should be backported to 1.5 to help maintain compatibility
between versions]

include/proto/ssl_sock.h		diff \| blob \| history
include/types/connection.h		diff \| blob \| history
src/connection.c		diff \| blob \| history
src/ssl_sock.c		diff \| blob \| history