projects / haproxy-2.5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d817dc7) | patch
MEDIUM: ssl: Enable backend certificate hot update
authorRemi Tricot-Le Breton <rlebreton@haproxy.com>
Mon, 25 Jan 2021 16:19:44 +0000 (17:19 +0100)
committerWilliam Lallemand <wlallemand@haproxy.org>
Tue, 26 Jan 2021 14:19:36 +0000 (15:19 +0100)
commitf3eedfe19592ebcbaa5b97d8c68aa162e7f6f8fa
treeeb4f8d2007e8271d64e840a5e6ad62d615ec18e9tree | snapshot
parentd817dc733eacfd7cf5bb0bbc6128f44644db078ecommit | diff
MEDIUM: ssl: Enable backend certificate hot update

When trying to update a backend certificate, we should find a
server-side ckch instance thanks to which we can rebuild a new ssl
context and a new ckch instance that replace the previous ones in the
server structure. This way any new ssl session will be built out of the
new ssl context and the newly updated certificate.

This resolves a subpart of GitHub issue #427 (the certificate part)
include/haproxy/ssl_ckch-t.h diff | blob | history
reg-tests/ssl/set_ssl_server_cert.vtc [new file with mode: 0644] blob
src/ssl_ckch.c diff | blob | history
src/ssl_sock.c diff | blob | history
haproxy-2.5 public tree. Stable production code.