MINOR: ssl: diagnostic warning when both 'default-crt' and 'strict-sni' are used
author William Lallemand <wlallemand@haproxy.com>
Wed, 27 Aug 2025 13:44:24 +0000 (15:44 +0200)
committer William Lallemand <wlallemand@haproxy.com>
Tue, 7 Oct 2025 08:37:11 +0000 (10:37 +0200)
commit 47f8dcc7c57e032f2d5dbd8adb9158e0700f4b03
tree 6f4be62d8f73fb96dd39f0475908af5faabe205a
parent 21a355d3bbe6003772ea069fe7af88400b0d9a9a
MINOR: ssl: diagnostic warning when both 'default-crt' and 'strict-sni' are used

It is possible to use both 'strict-sni' and 'default-crt' on the same bind
line, which does not make much sense.

This patch implements a check which will look for default certificates
in the sni_w tree when strict-sni is used (referenced by their empty
SNI ""). default-crt sets the CKCH_INST_EXPL_DEFAULT flag in
ckch_inst->is_default, so it is possible to differentiate explicit
defaults from implicit defaults.

Could be backported as far as 3.0.

This was discussed in ticket #3082.

(cherry picked from commit 18ebd81962e1f53b8f59bfee5b9795bff69ac16b)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit a9010888c016718d1b5200e88b0410ad315f8f64)
[wla: BC_SSL_O_STRICT_SNI doesn't exist and must be replaced by
strict_sni]
Signed-off-by: William Lallemand <wlallemand@haproxy.com>
(cherry picked from commit 39f930548d188c92aacf3107dcb8e03bca069a4b)
Signed-off-by: William Lallemand <wlallemand@haproxy.com>
include/haproxy/ssl_ckch-t.h
src/cfgparse-ssl.c
src/ssl_ckch.c
src/ssl_sock.c
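As an added illustration (constructed configuration, not part of the commit or of the HAProxy tree), the bind line combination this patch now warns about, next to the two consistent alternatives. 'strict-sni' aborts any handshake whose SNI matches no loaded certificate and never falls back to a default certificate, so a certificate designated with 'default-crt' on the same bind line can never be selected by that fallback. Certificate paths, frontend and backend names, and the distinct listening ports (used only so all three frontends load in one file) are assumptions:

```haproxy
# Constructed example configuration; paths and names are assumptions.

# 1) The combination flagged by the patch: strict-sni refuses clients with
#    no SNI or an unknown SNI, so the explicitly designated default.pem is
#    never served by the no-match fallback. Nothing is silently insecure
#    here, but one of the two keywords is not doing what the operator expects.
frontend https_ambiguous
    bind :443 ssl default-crt /etc/haproxy/certs/default.pem crt /etc/haproxy/certs/ strict-sni
    default_backend app

# 2a) Keep strict-sni, drop default-crt: clients that send no SNI, or an SNI
#     that matches no certificate, get a handshake failure rather than any
#     certificate at all (including any implicit default from the crt directory).
frontend https_strict
    bind :8443 ssl crt /etc/haproxy/certs/ strict-sni
    default_backend app

# 2b) Keep default-crt, drop strict-sni: SNI-less and unmatched-SNI clients
#     receive default.pem, so pick a certificate you are willing to expose
#     to scanners and misdirected clients (for example a dedicated hostname,
#     not a wildcard or a multi-SAN certificate listing internal names).
frontend https_with_default
    bind :9443 ssl default-crt /etc/haproxy/certs/default.pem crt /etc/haproxy/certs/
    default_backend app

backend app
    server app1 127.0.0.1:8080
```

With a build that contains this patch, checking the first frontend in diagnostic mode (`haproxy -c -dD -f haproxy.cfg`) surfaces the warning at configuration-check time; the two rewritten bind lines are what you would move to once you have decided whether unmatched clients should be refused (2a) or handed a deliberately chosen default certificate (2b).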