haproxy

Author SHA1 Message Date

Author	SHA1	Message	Date
Marcin Deranek	310a260e4a	MEDIUM: config: Deprecate tune.ssl.capture-cipherlist-size Deprecate tune.ssl.capture-cipherlist-size in favor of tune.ssl.capture-buffer-size which better describes the purpose of the setting.	2021-08-26 19:52:04 +02:00
Remi Tricot-Le Breton	0498fa4059	BUG/MINOR: ssl: Default-server configuration ignored by server When a default-server line specified a client certificate to use, the frontend would not take it into account and create an empty SSL context, which would raise an error on the backend side ("peer did not return a certificate"). This bug was introduced by `d817dc733e` in which the SSL contexts are created earlier than before (during the default-server line parsing) without setting it in the corresponding server structures. It then made the server create an empty SSL context in ssl_sock_prepare_srv_ctx because it thought it needed one. It was raised on redmine, in Bug #3906. It can be backported to 2.4.	2021-07-13 18:35:38 +02:00

Marcin Deranek

310a260e4a

MEDIUM: config: Deprecate tune.ssl.capture-cipherlist-size

Deprecate tune.ssl.capture-cipherlist-size in favor of
tune.ssl.capture-buffer-size which better describes the purpose of the
setting.

2021-08-26 19:52:04 +02:00

Remi Tricot-Le Breton

0498fa4059

BUG/MINOR: ssl: Default-server configuration ignored by server

When a default-server line specified a client certificate to use, the
frontend would not take it into account and create an empty SSL context,
which would raise an error on the backend side ("peer did not return a
certificate").

This bug was introduced by d817dc733e in
which the SSL contexts are created earlier than before (during the
default-server line parsing) without setting it in the corresponding
server structures. It then made the server create an empty SSL context
in ssl_sock_prepare_srv_ctx because it thought it needed one.

It was raised on redmine, in Bug #3906.

It can be backported to 2.4.

2021-07-13 18:35:38 +02:00

2 Commits