projects / haproxy-2.1.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c3775d2) | patch
BUG/MINOR: ssl: fix crt-list neg filter for openssl < 1.1.1
authorEmmanuel Hocdet <manu@gandi.net>
Mon, 4 Nov 2019 14:49:46 +0000 (15:49 +0100)
committerWilliam Lallemand <wlallemand@haproxy.org>
Mon, 18 Nov 2019 13:58:27 +0000 (14:58 +0100)
commitc5fdf0f3dcf91435c943742eaf338167e761dede
treef586a00d43c32ab7acb75b6c4fa6059211e75bbetree | snapshot
parentc3775d28f9be97696e4ded94bf647c0d34cf9f54commit | diff
BUG/MINOR: ssl: fix crt-list neg filter for openssl < 1.1.1

Certificate selection in client_hello_cb (openssl >= 1.1.1) correctly
handles crt-list neg filter. Certificate selection for openssl < 1.1.1
has not been touched for a while: crt-list neg filter is not the same
than his counterpart and is wrong. Fix it to mimic the same behavior
has is counterpart.

It should be backported as far as 1.6.
src/ssl_sock.c diff | blob | history
haproxy-2.1 public tree. Stable production code.